The AP reported that a team-issued iPad was stolen from the car of a Chicago Bears Rookie, and the Bears Playbook was on the iPad! Fortunately, the Bears Organization had implemented a corporate owned device policy, which allowed the IT Department to take control fast.
Why Company Owned Devices Should Be Your Company Security Policy
The Chicago Bears just demonstrated why a corporate owned device policy is a better cybersecurity choice than BYOD. The Chicago Bears got their first win of the year before the season even started, but this time it was Management and the IT Department that executed a perfect performance. The Bears organization implemented a Corporate Owned Device policy instead of a Bring Your Own Device policy, and as a result, their IT staff was able to take control immediately when a players iPad that contained the team's playbook was stolen from his car. Their ability to take action immediately prevented any sensitive data from being compromised, you can't even put a price tag on what this means to the Bears Organization. This decision is a difficult one for companies, especially when employees insist they are more productive when using their own devices for work. Business owners need to be aware that device theft remained one of the top causes of security breaches in 2017, and the corporate IT department simply can't provide the necessary level of security unless the device is owned by the company.
3 Reasons to choose a Corporate Owned Device Policy
Control over Mobile Device Management (MDM) Software provides an extra layer of protection by allowing the Company to wipe data from the device remotely in the event that it is lost or stolen, or if the employee leaves the company. In addition to enforcing encryption, this remote wiping capability is how the Chicago Bears were able to avert disaster last week. Although MDM seemed to be the perfect solution for BYOD devices, employees are increasingly refusing to have MDM software installed on their personal devices for fear that the company can see what they're doing. The company can refuse to allow the worker to access the network, but productivity suffers, morale declines, and preventing employees from accessing email from their phones isn't in anyone's best interest. When the company owns the device, they can configure desired security policies and pre-load the MDM software, providing the most robust network security possible.
Control over Security Policies
There is increasing litigation over who is responsible for the costs of cyber incidents, and there are new laws and regulations regarding how systems need to be managed to interact with sensitive data. IT departments need to control functions including the timely application of critical updates and patches, whitelisting and blacklisting apps, and monitoring devices for suspicious activity. Employees often push back when they're told they can only download approved software or that the company is monitoring they're personal device. Corporate owned devices remove this issue, and help IT departments work within legal and regulatory parameters.
Control over The Internet of Things (IoT)
These days, everything from printers to phones to smart refrigerators are on a network, and it is estimated that 20.4 billion "things" will be network connected by 2020. The policies set by companies today will have to withstand this new way that the world will be connecting, and IoT devices can easily create security vulnerabilities. These new additions are items that don’t currently involve the IT department, so setting a firm policy of what will be allowed to connect to your business network is critical. Securing "the internet of things" will require companies to have complete control, which will be much easier if they are corporate owned. BYOD policies leave IT departments to manage and control a chaotic mix of apps, services and device types, and in many cases it is impossible for administrators to implement protections that ensure compliance and data security policies are met. If the device is owned by the organization, the IT department can install management software, apply patches, enroll the devices in an MDM solution, and implement multi-layered security policies to prevent sensitive data from being compromised. When you weigh the benefit of personal preference against the risks, corporate owned devices are clearly the better option.