The acronym BYOD strikes fear into the hearts of IT security professionals. But with the right policies, controls and culture, they can manage the risk of the bring-your-own-device reality. And it is reality.


“Some say the appropriate acronym is IBMD — I’m Bringing My Device,” said Ramsés Gallego, vice president of global IT association ISACA. “BYOD implies an invitation, but employees are using and storing company data on their personal devices whether you like it or not.”

As evidence, an ISACA survey found that only 9 percent of employees use work-issued mobile devices, while nearly half use personal devices for work. 

So how can you combat threats? 

  • Develop and drive awareness of a clear BYOD usage policy. Ensure you establish and communicate your expectations on the use of personal devices for business activities.

  • Implement and maintain controls, including the ability to log access and usage information for sensitive data.

  • Embrace but educate. Employees should understand the personal and professional risks associated with BYOD. Education about the personal benefits increases buy-in and fosters a culture of security awareness.

Now that nearly every employee, from the CEO to interns, possesses a smart device, preparing for BYOD is not optional — it’s a mandate.

Fortunately, companies are seeing opportunity in BYOD — if it’s secured properly — including less equipment to purchase and maintain, as well as employees using devices that are more effective for their roles.