Bring your own device BYOD: Everyone is doing itWhat about the risks?TECHNOLOGY RISK ADVISOR SERIES – HIGHLIGHTS

01 BYOD is here to stay

02 How companies benefit from BYOD

03 The potential dangers of BYOD

04 Strategies for managing risk

05 Protect your business financials

TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT

This document provides highlights from the most recent edition of the Travelers Technology Risk Advisor series, which explores risk management topics and techniques for the technology industry. Travelers invites you to access the full edition through any of the download links placed throughout this summary.

In this issue: Bring Your Own Device (BYOD)

At one time, people scoffed at the idea of a computer in every home. Today, we not only have high-speed internet available in our homes, but we also connect to the internet at will with a variety of mobile devices from almost anywhere.

01 BYOD is here to stay

02 How companies benefit from BYOD

03 The potential dangers of BYOD

04 Strategies for managing risk

05 Protect your business financials

TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT

The ubiquity of personal devices is changing the corporate world. Businesses once built strong firewalls to block external access, banned employees from backing up their work on portable hard drives and allowed connectivity only through company-issued devices. Today, some of these same businesses are adapting their policies to embrace a new culture of Bring Your Own Device (BYOD). Unfortunately, this opens the door to risks and costs that companies should be managing. This is true for businesses across all industries, but even more so for technology companies.

companies used to pass out mobile devices as a privilege of rank. Today, a company-issued device is likely to be the second (after a personal smartphone) or third device (after a tablet) the employee uses. From the employee side, the solution seems obvious – use their own mobile device. The reasons for this go beyond avoiding multiple devices:

1. employees often upgrade devices more quickly, meaning that personal devices are often faster and more fun.

2. increasingly overlapping work and personal time means that employees want to connect any time, from any place, at their own convenience.

3. combined with cloud storage services, personal devices can be used to transfer files that are often much larger than what is permitted by their corporate iT department.

The reality is that employees are using their personal devices at work. There is little reason to believe the popularity of BYOD will wane anytime soon – especially in light of the upside for both employees and corporations.

01BYOD is here to stay How companies benefit from BYOD The potential dangers of BYOD Strategies for managing risk Protect your business financials

BYOD is here to stay

given the popularity of BYOD with employees, employers should consider the tangible benefits that can accrue to them as the result of embracing the BYOD phenomenon:

Increased teamwork and collaboration

BYOD increases opportunities for teams to work together and communicate more clearly, without barriers of time zones or geography.

Corporate cost reduction A May 2013 report by gartner puts the average cost of supplying mobile computing devices at $600 annually per employee. eliminating this would more than offset the estimated $100 to $300 added costs for security or employee compensation for BYOD programs.

Improved morale

employee satisfaction, motivation and innovation are strongly linked to employees’ ability to use their own devices.

How companies benefit from BYOD

BYOD is here to stay

02How companies benefit from BYOD The potential dangers of BYOD Strategies for managing risk Protect your business financials

in a survey, one large company found that 44 percent of employees find a job offer more attractive if they know the use of their personal iPads is supported at work.

TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT

DOWNLOAD FULL EDITION

Companies must be prepared for the risks associated with BYOD. Employees may lose devices or fail to follow security best practices.

BYOD is here to stay How companies benefit from BYOD

03The potential dangers of BYOD Strategies for managing risk Protect your business financials

The potential dangers of BYOD

TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT

DOWNLOAD FULL EDITION

1. Businesses that are tightly regulated (e.g., healthcare and financial services) can be subject to fines, liability lawsuits and remediation costs when data security is breached.

2. Hackers may attack company databases, taking advantage of public Wi-Fi connections used by the employee or malware downloaded by the employee.

3. loss of important company data: An employee who leaves the company may forget to transfer data from their personal device to a corporate database.

4. Misuse of company data: Following an involuntary separation, a former employee may misuse company data stored on their personal device.

5. legal complications: if the employer is faced with lawsuits, discovery demands can be broad enough to include all devices used by employees, including their own, regardless of whether BYOD is allowed by corporate policy.

BYOD is here to stay How companies benefit from BYOD

03The potential dangers of BYOD Strategies for managing risk Protect your business financials

The potential dangers of BYOD

TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT

DOWNLOAD FULL EDITION

Strategies for managing risk

The most complete and effective defense against the risks of BYOD is to ban employee use of personal devices for work-related activities. However, abstinence can be a tough sell to employees, and non-compliance can be difficult to control. The smarter approach is to put a strong policy in place, educate employees about best practices and take actions that will manage the risk as much as possible.

BYOD is here to stay How companies benefit from BYOD The potential dangers of BYOD

04Strategies for managing risk Protect your business financials

TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT

DOWNLOAD FULL EDITION

Corporate policy elements

effectively managing BYOD risks requires a close look at corporate BYOD policies.

Employee training 

employees should receive training on best practices for data security. The goal is to have them not only understand all of the elements of the corporate BYOD policy but to also realize the exposure to risk and the consequences if they fail to take the prescribed precautions.

Risk management

companies should strike a balance between restrictions to protect the corporate network and the flexibility that will allow employees to use personal devices productively.

BYOD is here to stay How companies benefit from BYOD The potential dangers of BYOD

04Strategies for managing risk Protect your business financials

Strategies for managing risk

TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT

DOWNLOAD FULL EDITION

Corporate policy elements

Such policies can be more effective when they account for:

Employee training

When training is complete, employees should know:

Risk management

consider taking these actions:

Types of devices allowed and data that can be transferred to personal devices

How to access corporate data from their personal devices

vet types of personal devices

How and whether public Wi-Fi connections may be used

Which applications are risky and which are safe to use

vet types of applications allowed

Which applications are approved for use (including downloadable apps and cloud-based tools)

How to separate work and private data on their devices

Update corporate network protection with personal device use in mind, incorporating a two-step authentication process

Who has responsibility for lost or damaged personal devices

What types of work activities are appropriate for BYOD

Put in place software tools for remote wiping of data and scanning for malware and data leakage

BYOD is here to stay How companies benefit from BYOD The potential dangers of BYOD

04Strategies for managing risk Protect your business financials

Strategies for managing risk

TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT

DOWNLOAD FULL EDITION

Working closely with a knowledgeable independent agent or broker is the best way to identify the right cyber policy to cover the risks that a company faces.

cyber insurance is an important tool for technology companies to consider when managing BYOD risk. These specialized policies go beyond general corporate liability policies, and can include the following:

Technology errors and omissions

coverage that protects a business that sells products and services to others when claims are made about their failure to block cyber intrusions.

Data breaches coverage that takes care of the cost-of-breach notification, public relations crisis management services, credit repair services, etc.

Network impairment

coverage that addresses losses due to hacking, denial of service attacks and other forms of cybercrime.

Protect your business financials

BYOD is here to stay How companies benefit from BYOD The potential dangers of BYOD Strategies for managing risk

05Protect your business financials

TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT

DOWNLOAD FULL EDITION

Thank you

We hope you found this summary of the latest issue of our Risk Advisor Series worthwhile. To download the full edition, click the download button above.

Mike Thomachief Underwriting Officer of global Technology at Travelers

Sources:

Gartner research http://www.pcworld.com/article/2036980/half-of-companies-will-require-byod-by-2017-gartner-says.html

InformationWeek http://www.informationweek.com/mobile/6-%20risks-your-byod-policy-must-address/d/d-id/1107451?page_number=2

Legal risks http://www.informationweek.com/smb/mobile/6-risks-your-byod-policy-must-address/240142320

Osterman research http://www.ostermanresearch.com/

Trustwave graphic https://www.trustwave.com/trustednews/2013/04/infographic-the-high-cost-byod#sthash.vplp3nzr.dpbs

Symantec survey http://www.symantec.com/connect/blogs/survey-despite-security-incidents-byod-worth-risks

travelers.com

The Travelers indemnity company and its property casualty affiliates. One Tower Square, Hartford, cT 06183

This material is for informational purposes only. All statements herein are subject to the provisions, exclusions and conditions of the applicable policy. For an actual description of all coverages, terms and conditions, refer to the insurance policy. coverages are subject to individual insureds meeting our underwriting qualifications and to state availability.

© 2015 The Travelers indemnity company. All rights reserved. Travelers and the Travelers Umbrella logo are registered trademarks of The Travelers indemnity company in the U.S. and other countries. cP-8221 new 2-15

TecHnOlOgY RiSk ADviSOR SeRieS BYOD: EVERYONE IS DOING IT

DOWNLOAD FULL EDITION