August 25th, 2015
Mitigating the Risks of BYOD in corporate learning
The trend of Bring-Your-Own-Device is on the rise and is seen capturing the interest of employees as well as organizations. For employees, it brings flexibility and the ease of working on their personal devices whenever they want and wherever they are. For companies, it is seen as a positive trend of utilizing an employee’s time to the maximum.
However, this trend comes with its own set of challenges and Security is the top concern that most organizations have with the policy of BYOD. It is clear that businesses that do not embrace BYOD as a policy run the risk of low productivity, employee dissatisfaction as well as low competitive standing. The solution is to not ban the policy of BYOD but put up measures to ensure the security of corporate data – across the multiple devices that the employee uses to access the data.
BYOD as a trend is also affecting corporate learning, as more and more learners opt to learn on their own devices, as per their schedules or pertinent needs. As we discussed in a previous post this year, BYOD is here to stay to provide learning as and when learners need. Here are a few measures that you can take to minimize the risk of compromising data while utilizing the benefits of BYOD in corporate learning.
Passwords, Firewalls and Encryption:
The platform of corporate learning is the enterprise Learning Management System for most organizations. Most modern LMSs come with built-in security measures for data that resides on the system. But when the system is accessed through the internet on multiple devices, across multiple location and network connections, then additional measures are necessary for maintaining security. In addition to authorized Passwords, Firewalls can be installed to allow only authorized devices to access the enterprise LMS. So if an employee needs to access the LMS through his or her smartphone or tablet, he or she will have to get it validated as an ‘authorized device’. Similarly, the flow of information can be encrypted that does not allow anyone to ‘snoop’ and get hold of sensitive data.
Consuming all elements within the LMS:
Most LMS support multiple formats including text docs, PDFs, ePub and HTML. The learners thus can view them all within the LMS. But e-Content today is not just plain old text and graphics. It also involves a variety of multimedia elements, including animations, videos and audio. While this enriches the learning experience, the LMS should make sure that all the elements of an e-course can be consumed within the confines of the system and the learner should not have to download the media file to his or her viewing device. Most LMSs thus come with built-in media players, which support multiple media formats and allow the audio-visual to be run within the LMS.
Social learning via LMS:
Social media is a part of our lives now and affects human behavior like never before – including how we learn. Even in the workplace scenario, social learning through networking sites, wikis, discussion boards and chat-rooms is the norm. Even if a virtual group is ‘closed’ and access is for members only, when it is accessed through multiple devices, the risk of infiltration becomes high. Many organizations thus discourage social learning on public networks and prefer providing avenues for social interaction on the LMS instead. Discussion of the sensitive nature can be held in chat-rooms or forums within the LMS – so that knowledge is able to grow, without the fear of leaking data.
Enforcing standard security policies:
The standard security policies of remote access of organizational systems should be enforced along with the policy of BYOD. This includes ‘Failed Login Attempt Action’ and ‘remote wiping’. These are especially useful when the device has been lost or stolen. The system can be frozen after 3 invalid tries or using remote wiping, an app or data from an authorized device can be removed. These policies are still debatable and many claim that they in violation of privacy rights. So it is best to include these clauses in the BYOD policy of the organization – and make sure that all employees who want to avail the policy are aware of all that it entails.
Minimize inter-app connectivity:
Many LMSs are available on user devices as ‘apps’. They also often communicate with other apps on the device such as corporate email and calendar application. While this makes sure that the learners are more aware of learning events and are able to manage them better, the connectivity between the LMS app and other existing apps should be kept in check. Connectivity with other apps should be disabled and only the system administrator should be allowed to make room for connectivity with additional apps.
Implementing external security measures:
As an added measure, user devices can be made secure by implementing device-specific security services. For instance for Blackberry, iOS as well as Android devices, the Blackberry Enterprise Service 10 is a unified device management and security platform. It creates a zone inside the user device which is password protected. Each entry gets validated at the organization’s server and an app inside this zone can’t interact with apps outside. Installing all organization specific apps inside this ‘safe’ zone ensures security. Additionally all apps that can be installed in this zone are controlled by organization’s IT team with the provision of failed-login action, remote wiping and so on.
BYOD is fast gaining pace as a norm in the corporate structure. For training purposes, the policy is learner-friendly, addressing the just-in-time learning needs of corporate employees. With suitable security measures in place, you can breathe easy and let your learner choose learning – as per need and convenience.
Want to know more about effectively utilizing BYOD in corporate learning? Fill the form below:
Suggested further reads: