Earlier this year I wrote about the movement toward companies adopting a Bring Your Own Device (BYOD) policy. Many times this is driven by the effort to reduce costs to the company. There are, however, many pitfalls to this strategy if the framework supporting the BYOD policy is not well thought out. The February edition of RIMS magazine captures these risks and issues quite effectively. While smart phones are the obvious subject of this, we can’t forget the myriad of other communication devices (tablets) that these risks can apply to.
While the risks directly related to BYOD abound, this article speaks more broadly about other effects of a breach – the risk of reputational damage, notification risks from a data breach, and simplistic issues like using a memory stick “infected” with a virus or malware. Ownership of information (such as Twitter activity) can also become more challenging when thinking about an unenforced or ill prepared BYOD policy. When I wrote this I searched Google for “BYOD Sample Policy” and got 283,000 responses, so there is surely a preponderance of guidance out there. One that I thought was particularly useful was the White House BYOD toolkit – it is very comprehensive. The RIMS article provides a few basic steps to consider when approaching the topic which begins with a Risk Assessment.
Technology risks continue to complicate the lives of business owners and corporate officers. It is important to have a knowledgeable team who is able to understand these risks and advise the company management accordingly. Computer security is more and more complex and, it is not unusual for companies these days to have a “normal” IT vendor and then a specialized group that consults on network and device security. It is also important to have legal counsel familiar with such risks. These are not the type of risks that a “generalist” legal counsel is best equipped to advise on. We are constantly probing the risks that our clients may encounter; BYOD and related areas are rapidly filling a prominent place in our overall risk matrix & risk analysis. Feel free to contact me at 732-395-4251 or [email protected] if we can help address any of these risks or to sort through available insurance coverage that will mitigate (some of) them.
