travelers: technology risk advisor - bring your own device
TRANSCRIPT
Bring your own device BYOD: Everyone is doing itWhat about the risks?TECHNOLOGY RISK ADVISOR SERIES – HIGHLIGHTS
01 BYOD is here to stay
02 How companies benefit from BYOD
03 The potential dangers of BYOD
04 Strategies for managing risk
05 Protect your business financials
TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT
This document provides highlights from the most recent edition of the Travelers Technology Risk Advisor series, which explores risk management topics and techniques for the technology industry. Travelers invites you to access the full edition through any of the download links placed throughout this summary.
In this issue: Bring Your Own Device (BYOD)
At one time, people scoffed at the idea of a computer in every home. Today, we not only have high-speed internet available in our homes, but we also connect to the internet at will with a variety of mobile devices from almost anywhere.
01 BYOD is here to stay
02 How companies benefit from BYOD
03 The potential dangers of BYOD
04 Strategies for managing risk
05 Protect your business financials
TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT
The ubiquity of personal devices is changing the corporate world. Businesses once built strong firewalls to block external access, banned employees from backing up their work on portable hard drives and allowed connectivity only through company-issued devices. Today, some of these same businesses are adapting their policies to embrace a new culture of Bring Your Own Device (BYOD). Unfortunately, this opens the door to risks and costs that companies should be managing. This is true for businesses across all industries, but even more so for technology companies.
companies used to pass out mobile devices as a privilege of rank. Today, a company-issued device is likely to be the second (after a personal smartphone) or third device (after a tablet) the employee uses. From the employee side, the solution seems obvious – use their own mobile device. The reasons for this go beyond avoiding multiple devices:
1. employees often upgrade devices more quickly, meaning that personal devices are often faster and more fun.
2. increasingly overlapping work and personal time means that employees want to connect any time, from any place, at their own convenience.
3. combined with cloud storage services, personal devices can be used to transfer files that are often much larger than what is permitted by their corporate iT department.
The reality is that employees are using their personal devices at work. There is little reason to believe the popularity of BYOD will wane anytime soon – especially in light of the upside for both employees and corporations.
01BYOD is here to stay How companies benefit from BYOD The potential dangers of BYOD Strategies for managing risk Protect your business financials
BYOD is here to stay
given the popularity of BYOD with employees, employers should consider the tangible benefits that can accrue to them as the result of embracing the BYOD phenomenon:
Increased teamwork and collaboration
BYOD increases opportunities for teams to work together and communicate more clearly, without barriers of time zones or geography.
Corporate cost reduction A May 2013 report by gartner puts the average cost of supplying mobile computing devices at $600 annually per employee. eliminating this would more than offset the estimated $100 to $300 added costs for security or employee compensation for BYOD programs.
Improved morale
employee satisfaction, motivation and innovation are strongly linked to employees’ ability to use their own devices.
How companies benefit from BYOD
BYOD is here to stay
02How companies benefit from BYOD The potential dangers of BYOD Strategies for managing risk Protect your business financials
in a survey, one large company found that 44 percent of employees find a job offer more attractive if they know the use of their personal iPads is supported at work.
TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT
DOWNLOAD FULL EDITION
Companies must be prepared for the risks associated with BYOD. Employees may lose devices or fail to follow security best practices.
BYOD is here to stay How companies benefit from BYOD
03The potential dangers of BYOD Strategies for managing risk Protect your business financials
The potential dangers of BYOD
TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT
DOWNLOAD FULL EDITION
1. Businesses that are tightly regulated (e.g., healthcare and financial services) can be subject to fines, liability lawsuits and remediation costs when data security is breached.
2. Hackers may attack company databases, taking advantage of public Wi-Fi connections used by the employee or malware downloaded by the employee.
3. loss of important company data: An employee who leaves the company may forget to transfer data from their personal device to a corporate database.
4. Misuse of company data: Following an involuntary separation, a former employee may misuse company data stored on their personal device.
5. legal complications: if the employer is faced with lawsuits, discovery demands can be broad enough to include all devices used by employees, including their own, regardless of whether BYOD is allowed by corporate policy.
BYOD is here to stay How companies benefit from BYOD
03The potential dangers of BYOD Strategies for managing risk Protect your business financials
The potential dangers of BYOD
TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT
DOWNLOAD FULL EDITION
Strategies for managing risk
The most complete and effective defense against the risks of BYOD is to ban employee use of personal devices for work-related activities. However, abstinence can be a tough sell to employees, and non-compliance can be difficult to control. The smarter approach is to put a strong policy in place, educate employees about best practices and take actions that will manage the risk as much as possible.
BYOD is here to stay How companies benefit from BYOD The potential dangers of BYOD
04Strategies for managing risk Protect your business financials
TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT
DOWNLOAD FULL EDITION
Corporate policy elements
effectively managing BYOD risks requires a close look at corporate BYOD policies.
Employee training
employees should receive training on best practices for data security. The goal is to have them not only understand all of the elements of the corporate BYOD policy but to also realize the exposure to risk and the consequences if they fail to take the prescribed precautions.
Risk management
companies should strike a balance between restrictions to protect the corporate network and the flexibility that will allow employees to use personal devices productively.
BYOD is here to stay How companies benefit from BYOD The potential dangers of BYOD
04Strategies for managing risk Protect your business financials
Strategies for managing risk
TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT
DOWNLOAD FULL EDITION
Corporate policy elements
Such policies can be more effective when they account for:
Employee training
When training is complete, employees should know:
Risk management
consider taking these actions:
Types of devices allowed and data that can be transferred to personal devices
How to access corporate data from their personal devices
vet types of personal devices
How and whether public Wi-Fi connections may be used
Which applications are risky and which are safe to use
vet types of applications allowed
Which applications are approved for use (including downloadable apps and cloud-based tools)
How to separate work and private data on their devices
Update corporate network protection with personal device use in mind, incorporating a two-step authentication process
Who has responsibility for lost or damaged personal devices
What types of work activities are appropriate for BYOD
Put in place software tools for remote wiping of data and scanning for malware and data leakage
BYOD is here to stay How companies benefit from BYOD The potential dangers of BYOD
04Strategies for managing risk Protect your business financials
Strategies for managing risk
TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT
DOWNLOAD FULL EDITION
Working closely with a knowledgeable independent agent or broker is the best way to identify the right cyber policy to cover the risks that a company faces.
cyber insurance is an important tool for technology companies to consider when managing BYOD risk. These specialized policies go beyond general corporate liability policies, and can include the following:
Technology errors and omissions
coverage that protects a business that sells products and services to others when claims are made about their failure to block cyber intrusions.
Data breaches coverage that takes care of the cost-of-breach notification, public relations crisis management services, credit repair services, etc.
Network impairment
coverage that addresses losses due to hacking, denial of service attacks and other forms of cybercrime.
Protect your business financials
BYOD is here to stay How companies benefit from BYOD The potential dangers of BYOD Strategies for managing risk
05Protect your business financials
TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT
DOWNLOAD FULL EDITION
Thank you
We hope you found this summary of the latest issue of our Risk Advisor Series worthwhile. To download the full edition, click the download button above.
Mike Thomachief Underwriting Officer of global Technology at Travelers
Sources:
Gartner research http://www.pcworld.com/article/2036980/half-of-companies-will-require-byod-by-2017-gartner-says.html
InformationWeek http://www.informationweek.com/mobile/6-%20risks-your-byod-policy-must-address/d/d-id/1107451?page_number=2
Legal risks http://www.informationweek.com/smb/mobile/6-risks-your-byod-policy-must-address/240142320
Osterman research http://www.ostermanresearch.com/
Trustwave graphic https://www.trustwave.com/trustednews/2013/04/infographic-the-high-cost-byod#sthash.vplp3nzr.dpbs
Symantec survey http://www.symantec.com/connect/blogs/survey-despite-security-incidents-byod-worth-risks
travelers.com
The Travelers indemnity company and its property casualty affiliates. One Tower Square, Hartford, cT 06183
This material is for informational purposes only. All statements herein are subject to the provisions, exclusions and conditions of the applicable policy. For an actual description of all coverages, terms and conditions, refer to the insurance policy. coverages are subject to individual insureds meeting our underwriting qualifications and to state availability.
© 2015 The Travelers indemnity company. All rights reserved. Travelers and the Travelers Umbrella logo are registered trademarks of The Travelers indemnity company in the U.S. and other countries. cP-8221 new 2-15
TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT
DOWNLOAD FULL EDITION