10-8-13 BYOD Risk Presentation for Nassau County Bar Committee
Presentation on BYOD risk management by Jonathan I. Ezor of the Touro Law Center for Innovation in Business, Law and Technology for the Corporation/Banking & Securities Law Committee of the Nassau County Bar Association in Mineola, NY on October 8, 2013.

10-8-13 BYOD Risk Presentation for Nassau County Bar Committee Presentation Transcript

  • 1. BYOD: Managing the Risks of Bring Your Own Device Policies
      Prof. Jonathan I. Ezor, Director
      Touro Law Center for Innovation in Business, Law and Technology
      jezor@tourolaw.edu
      Nassau County Bar Association Corporation/Banking & Securities Law Committee
      October 8, 2013
  • 2. Wireless Devices Key to Modern Business
      • Access to data
      • Communications
          – Colleagues
          – Clients/Customers
          – Others
      • Mobile workforce
      • 24/7/365 workcycle
      • Instant responsiveness demands
  • 3. Challenges of Mobile Implementation
      • Cost
      • Platform choice
      • Updates/Upgrades
      • Training
      • Support
      • Vendor changes (e.g. Blackberry)
  • 4. BYOD: Leveraging Employee Choices
      • Employees increasingly buying/updating personal devices
      • May be more sophisticated than company standard
      • Employees may cover some/all costs
      • Personal familiarity may reduce training need
      • Major platforms increasingly interoperate
  • 5. Balancing BYOD Benefits and Risks
      • BYOD not without risks, including
          – Employee-driven vs. mission-driven
          – Complexity and cost of support
          – Software and licensing
          – Security
          – Confidentiality
          – Personal vs. professional
          – Compliance
          – Litigation
      • Must balance risks with rewards
  • 6. Employee-Driven Vs. Mission-Driven
      • Choice of approved devices should reflect business needs
          – IT platform
          – Applications & functionality
          – Security
      • Employee requests can conflict
      • Failure to support owned devices can undermine BYOD intention
      • Consumer devices for business purposes
  • 7. Complexity And Cost Of Support
      • Diversity of hardware/OSes means almost unlimited potential support obligation
      • Everything from setup to chargers to software
      • Employees may expect or demand support from IT staff
      • Refresh cycle a factor as well
  • 8. Software and Licensing
      • Organization’s software may include licensing restrictions
          – Enterprise vs. personal devices
          – Number of total/concurrent users
          – Expiration of licenses/versions/support
      • Older licensed software may not support new mobile platforms
      • Need to consider existing licenses, negotiate new ones with BYOD in mind
      • Interoperability of software also a factor
  • 9. Security
      • Multiple potential security breach vectors on mobile devices
          – Malware
          – Insecure WiFi
          – Unencrypted connections
          – Utilities
          – Older versions of OS
      • Consumer devices may offer fewer security options than business-specific ones
      • Some devices support VPN, push profiles for security settings
  • 10. Confidentiality
      • Every mobile device a potential data breach channel
          – Mass storage
          – Lost/stolen devices
          – Backups
      • Employees may share devices with family, others
      • Use may violate NDAs, regulatory/legal requirements
      • Risks of accidental breaches
          – GPS
          – EXIF data
          – Social media
  • 11. Personal Vs. Professional
      • Boundaries always a problem for mobile workforce
      • Use of personal devices exacerbates challenges
      • Harder to establish, enforce limitations on personal use
      • Labor laws also potentially involved
  • 12. http://ezor.org/a7k4n
  • 13. Allen v. Chicago
  • 14. Compliance
      • Requirements may not exclude personal devices
          – Document/correspondence retention
          – Security
          – Privacy
          – Tax
      • Auditors, enforcement officials may require access to employee devices
      • Also more difficult to change practices for new/changed regulations
  • 15. Litigation
      • Discovery requests may/should include employee devices
      • True of home computers as well as BYOD
      • Holds, deletion policies also face challenges
      • Shared devices also an issue
      • Employees may be uncomfortable opening personal equipment to scrutiny
  • 16. Risk Management for BYOD
      • Implementation must include awareness, management of risks
      • Involve all stakeholders
          – IT
          – Legal
          – Finance
          – Operations
          – HR
          – Employees
      • Plan, budget for training and support
      • Communicate decisions and rationale to all
  • 17. Best Practices for BYOD
      • Written policy on supported devices/platforms/uses
      • IT infrastructure chosen/configured to enhance security as well as convenience
      • Educational materials for most-common devices
          – Setup
          – Security
          – Remote wiping
          – Encryption
      • Ongoing review of implementation, issues
      • Verify insurance and other risk management coverage
  • 18. Questions?
      Professor Jonathan I. Ezor
      jezor@tourolaw.edu
      @ProfJonathan on Twitter