BYOD is an industry buzzword and a source of much anxiety among IT departments. When employees bring their own devices to work, it creates headaches and major security concerns for the IT contractors who have to ensure the workplace is secure.
The tech news site VentureBeat reports that Google recently invested millions in Divide, a mobile app that aims to offer a security solution for BYOD liability.
Divide gets its name from its ability to partition devices. Through the app, an employee's personal device can be separated into a work-secure environment and a personal environment. The user can't install personal apps on the work side of his device but is free to do so on the personal side.
The specifics of this app aside, Google's million-dollar investment reveals that IT consultants are right to be worried about these liabilities. BYOD is a major security concern, particularly for small businesses. Luckily, business insurance can actually protect you from BYOD liabilities and lawsuits. Before we get into coverage options for small IT businesses, let's review BYOD and the risks it poses.
Why Is BYOD a Bigger Issue for Small Businesses?
Small businesses usually don't have the money or resources to invest in extra IT solutions. One of the reasons many businesses allow BYOD workplaces is because it saves the company money.
Rather than shelling out for laptops and mobile phones for each employee, small businesses often rely on employees to use their own computers (and software) to perform their jobs.
Unfortunately, while small businesses are able to save money and reduce their IT budgets, they're exposed to more risk.
What Risks Are Businesses with BYOD Exposed To?
So why all the fuss about BYOD liability? When an employee brings their device into the company's firewall, he exposes the whole business to any security vulnerabilities he might have on his device. In addition, he exposes you – the tech contractor – if his compromised device affects the security of the network.
Say an employee's kid downloads a mobile app that contains malware. When that device is used on your client's network, the whole system could be exposed to a data breach. When that happens, it's you that could be sued – not the employee's five-year-old who was looking to play Angry Birds.
(For more on mobile device risk, see "The Mobile Future and Why You'll Need E&O in It.”)
It’s important to realize that IT professionals can be sued for mistakes they make, but also for the actions they don't take. The latter is especially relevant when it comes to BYOD.
If you're aware that a client has a BYOD workplace that isn't properly secure, you could be responsible for:
- Warning them about the risks.
- Offering to fix it.
Your liability depends on the specific type of work you do. If you’re upgrading a company’s email system, for example, and you don’t make the spam filter sensitive enough, you could be named in a lawsuit if a phishing email gets through and an employee opens it and infects the network.
Why BYOD Liability Is Going to Get Worse
Google's investment in BYOD risk management means Google is wisely betting that BYOD risks are going to increase in the future. IT news and analysis site ZDNet reports that 38 percent of businesses are planning to stop offering work devices to their employees in lieu of a more BYOD-dependent workplace.
This puts small business IT consultants in a difficult place. The research shows greater BYOD risks are likely in the future, but your small-business clients are going to be dealing with the same budgetary restrictions that keep them from investing in secure IT solutions.
The BYOD Takeaway: One Bad App Spoils the Whole Barrel
IT consultants are problem solvers, and BYOD is a series of problems that can make it difficult to offer secure, working solutions to clients. With that in mind, here are five takeaways you need to know as you build your BYOD risk management plan:
- IT contractors and consultants can be liable for their client's unsecure BYOD networks (imagine being sued for a breach caused by a client's employee who downloaded a bad app!).
- BYOD marketplaces will likely become more common.
- New IT solutions for BYOD risks might be on the horizon (as Google's investment suggests), so IT consultants need to keep an eye on how this market emerges.
- If you recommend third-party software like Divide, you can be sued if the software's flaws lead to a data breach on your client's network. (For more on the risks of using third-party software, see "Help Your Clients Understand the Risks of Third-Party Contractors.”)
- BYOD carries other non-security risks, including compatibility and workflow problems you can be sued for if your IT solutions don't work as promised on your clients’ devices.
Is There IT Insurance for BYOD Liabilities?
Yes, E&O Insurance can cover BYOD risks, including lawsuits over…
- Client data breaches.
- Faulty security software that doesn't secure BYOD devices to the client's network.
- Professional negligence (i.e., failing to prevent BYOD security problems).
- Compatibility issues with Android, Apple, and other devices that can't access an IT solution you install.
For a free quote on E&O Insurance to protect your BYOD liabilities, submit our online insurance form, and our agents will send you a cost estimate (usually within a few minutes).
