‘Bring your own device’ – the potential risks for charities and how to avoid them

Many charities have employees and volunteers who work remotely or hot desk. Work can be in varied locations or your organisation could be short of office space.

Whilst a ‘bring your own device’ policy has a wide array of benefits, you do have to be careful. Laptops, tablets or phones could hold huge amounts of sensitive information that must be safeguarded.

Loss or theft of devices:

Keep your tech safe

The problem:

Loss or theft will affect a charity of any size. Being alert with your belongings is a necessity whether it’s a personal or provided laptop.

The loss or theft could be completely free of fault, but unfortunately the consequences can be quite damaging: data can fall into unsafe hands, and both the individual and the organisation can incur costs.

The solution:

At the risk of pointing out the obvious, the first step is to get into the habit of checking you have all your belongings with you whenever you move from place to place.

If your device does get lost or stolen, it’s essential that your information is safe. This is where strong password protection comes in handy, as difficult to remember as strong passwords can be. Luckily, there is now a broad range of free password managers. These generate complex passwords for all your accounts and need only one set of login details from you. Free examples include LastPass and Dashlane. More costly options will give you greater capabilities such as organisation-wide control of access. A popular example for this is Okta.

Make sure all your communication channels are encrypted. A high level of encryption makes it considerably harder for anyone who tries to access your data.

Finally, make back-ups of anything important on your devices. It’s a definite reassurance to know you can restore all your information onto a new device if anything were to happen. A great option is to back up to the cloud. Example programs are Box, Dropbox and Veritas. These offer a secure way to back up or store your information, accessible from a number of devices.

Malware and Virus risks

Watch out for threats

The problem:

There is always a risk that unsafe sites will lead to malicious software or viruses, particularly if someone has a single device for work and personal use. This is because they will be accessing files that aren’t work-related and so are more likely to contain risks.

The solution:

If you have, or are thinking of devising, a BYOD policy, it’s important to be clear about who is responsible for securing the device. It’s also useful to set time intervals at which anti-virus or firewall software should be updated.

Charities can easily acquire the most recent version of some of the top antivirus software. Our tt-exchange programme offers a range of choice including Symantec, Norton and Bitdefender. You can take a look at the catalogue here.

People leaving the company

The problem:

There can often be quite a lot of movement in the charity sector, with employees or volunteers moving to new roles in the organisation or elsewhere.

Either way, their access rights will need to change or terminate. You likely wouldn’t consider them a threat to your data, but it’s important to steer clear of being liable for a data breach. The ex-employee may choose to sell or get rid of their device, which could pass the information on to an unintended party.

The solution:

A mobile application management (MAM) platform allows you to disable application access and remotely delete data owned by your company from the ex-employee’s device – minimising the chances of a data breach occurring.

When using a cloud-based operating system there can be a few steps to make sure an ex-employee is fully removed from the system. We have previously posted an article all about this, which you can read here.

Web access

Keep yourself password protected

The problem:

If an employee is working remotely, it may be that they are connecting to a range of wireless connections wherever they find them. Some of these do not ensure an entirely secure connection.

This can even be the case in the office; employees may automatically connect to a BT Openzone or other wifi hotspot. Malicious sites cannot be automatically blocked, and the connection when sending emails or files is not necessarily safe.

The solution:

You can’t stay on top of how employees and volunteers connect outside the office environment, but at work you can ensure they connect to an office-specific connection.

This way, you can control the websites staff have access to and prevent malware from suspect sources appearing on your employees’ machines.

Food for thought:

Professional indemnity insurance: This is something your charity may not have thought about, but could be worth considering.

This cover is put in place to protect against disputes that may come about from breaches of customer data or documents if something does go wrong. A charitable organisation’s trustees can come under serious fire for data breaches like this and may therefore demand the insurance.

It isn’t an absolute necessity for every charity but it’s worth checking out if you deal with a lot of sensitive data or provide direct services to clients. You can have a look at the various types of insurance for your charity here!

And to sum up:

An effective ‘bring your own device’ policy should include:

  • Clear statements that also explain consequences
  • Training programmes to address liabilities
  • Required security measures when handling customer data

Having rules and a formal policy in place will go a long way towards protecting your charity. Make sure that the policy and compliance with it are firmly enforced from an early stage. At least then the majority of employees and volunteers can be conscious of the guidelines.

 


Copyright © 2017 Tech Trust.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License

  • Russell Deacon

    thanks for this, are there any BYOD policy templates we can hand to employees and volunteers?