What next, bring your own employee!!!!!!

We have all heard of the Bring Your Own Device (BYOD) phenomena that is happening across the business world.

It is creating major problems with ICT departments of enterprises and businesses are having problems incorporating it into their business across the world.   Although it is difficult to get heads around it is here for the time being, until the next big change in society.

Small and medium businesses and not for profit organisations are playing catch up again.  These enterprises focus more on access to data than keeping data confidential.    This also relates to the SME having to be more flexible against larger organisations.

There are other trends in the Bring your own (BYO) paradigm that are just coming into focus.   The new trends in the BYO paradigm are BYO apps  and BYO identity.   Let’s look at them now.

Security requirements for a small and medium business are a little more lax when it comes to the installation of cloud based applications, security holes become less evident with the requirement to turn a profit.

The BYO apps are starting to appear in the work place with the introduction of apps like Dropbox, google drive, sales-force and zoho.  The storage apps (Dropbox) allow users to store business information off site with minimal security requirements.   This combined with the ability to install the apps without administrative permissions or installing applications into profiles makes the manageability of the corporate data harder.

A user can install Dropbox on their PC, synchronize business information with their cloud storage and access that information from any device or computer under their control.   Your intellectual property is no longer under your control, the information is now dropboxes (under their T & C’s) and the information is less protected with weaker than normal passwords, easier access and intellectual property problems.

Google apps and drive are a similar problem, anyone can set up a google site and although their password requirements are more stringent there is still the lack of control that your business data finds itself.

The proliferation of CRM sites – salesforce and Zoho – allows a user to run a parallel system outside the businesses control.   This is a major problem for intellectual property as this information is critical to your business.   Although the user or staff member maybe a trusted individual this scenario would allow them to move on or be made redundant and take all of that critical business information with them.   Because there was no control over the information it is now lost to you.   Yes there is alway the legal avenue, but that is expensive and drawn out allowing the ex employee to reap abnormal benefits from their underhandedness.

 The BYO application is starting to creep into the small and medium business and not for profit organisations worlds.   The BYO identity is already here.
Users are looking at easier ways to access information on the web and sites like Facebook, LinkedIn, twitter and YouTube have billions of followers.   Web sites are now incorporating social sign on into their membership and payment options.   Users can use their twitter login, for instance, to create an account for themselves on another site that is supports social sign on.
The benefits of this to Facebook, for instance, is that it tracks where you go and what your interests are.   It also informs your list of contacts (friends) what you are doing and why you may have gone to that site, and if the site is really clever they have a prescribed update for you to send.
Although the idea has not developed into the normal everyday business world I can see it happening.   Users will start to demand single sign on across all of their systems and the business systems.   Again this is an endangerment to your intellectual property.
The BYO world is one that a small and medium business and not for profit organisation needs to seriously look into, just to make sure that they are protected from all of the pitfalls.    This insight will allow them to create business policies, procedures and processes that will protect the business from problems associated with the BYO phenomena.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.

Leave a Reply