THOUGHTS

Your Devices ... the Biggest Risk?

21/08/2020 10:35 AM
By: Dr Barathan Muniyandy

Business operations and functionalities are becoming increasingly complex, making the line between work and personal life even thinner. Employees are increasingly using their own devices and gadgets to do company work for their own convenience. Such a practice poses serious risk exposure and security threats for themselves and their organisations.

Although companies cannot simply impose an absolute ban on the usage of personal gadgets at the workplace, they can implement appropriate risk-mitigation measures to protect their business interests from internal and external threats, thus paving the way towards uninterrupted business growth and harmony.

Businesses must put in place the six important risk measures below, apart from other supplementary policies deemed appropriate:

1. Internal policy

Business organisations must fully take control of, manage and retain critical documents and information across the company, as these are the company's proprietary information and assets. It is the responsibility of senior management to take a strong approach by creating policies which clearly outline the dos and don’ts with regard to the usage of personal mobile devices, tools and gadgets at the workplace.

2. Training and briefing sessions

Companies should organise and conduct training, briefings and town hall sessions periodically to ensure repeated reminders are given to employees of what is acceptable and unacceptable when it comes to the usage of personal devices. This includes social media, files, storage, safe keeping of proprietary information, creating strong passwords and changing them from time to time. Employees need to be reminded of the growing cyber risk situation and that an attack is waiting to happen.

3. Regulatory requirements

Senior management must make an effort to understand regulatory requirements and limitations when it comes to data usage and storage. The same applies to employees when using personal devices at the workplace. Employers should make it clear to employees that they must adhere to all regulatory requirements across the organisation.

4. Back up and safe keeping

Employees must also understand that employers are not responsible for the protection of employees’ personal data. It’s rare to see individuals buying backup systems for the protection of their personal devices. Employees must learn about and be aware of the backup options available in the market, apart from online systems and cloud, to ensure timely recovery of data during an unforeseen occurrence. Carrying around pen drives, sticks and external hard drives should not be encouraged. Organisations must have clear instructions on backup and cloud-based archival storage that employees can access using their personal mobile devices.

5. Business vs Personal

It is important for senior management and employees to be very clear about what is official and what is private. However, with fast-growing social media platforms, it’s getting rather difficult to keep an eye on this at all times. Employees are generally found to be using the same profile and account for both personal matters and work. It’s important for employees to stay alert when posting statuses, comments or updates. Employees must be made aware of whom they represent, first and foremost, as employees. Failing to understand this basic principle may cost them their career one day.

6. Ownership and proprietary

With the advancement of technology, it’s very easy for employees to get access to departmental information at their fingertips, at the workplace or remotely. Senior management must make it clear to employees that all official work executed using personal devices belongs to the organisation and not to employees. Should any employee lose their device, or should it fall into the wrong hands, senior management reserves the right to wipe out all relevant data remotely to protect the organisation's proprietary information. It is pivotal for senior management to ensure employees are aware of such internal policies.

In today's business complexity, the occurrence of business failures is not because there are no risk management practices in place ... it’s all about risk mismanagement.

It's all about truth ... confidentiality.

-- BERNAMA

Dr Barathan Muniyandy, a thought leader and risk management practitioner and trainer, is CEO of Handal Group Malaysia – a comprehensive Risk Management & Corporate Intelligence Consulting Group that has been advising business organisations and governments in Asia over the past 25 years.

(The views expressed in this article are those of the author(s) and do not reflect the official policy or position of BERNAMA)