Do employees connect directly to the construction company's IT infrastructure using their own smart phones and tablets? If so, the company may be at a high risk for a data breach.

According to a recent study by HP, the overwhelming majority of applications installed on mobile devices – at least 97 percent – can access one or more sources of private information stored on the device and can share this data with third-party companies. Even worse, most of this private data is transmitted over unsecured HTTP.

Construction companies are increasingly embracing the practice of bringing personal devices into the workplace, and it's easy to see why. Employees who bring their own devices to work report higher satisfaction and greater control over their work experience, which can lead to increased productivity. But the shift from company-provided devices to personal devices presents new and very real security risks to a company’s IT environment. Ultimately, a company may be responsible for any data breaches, regardless of who actually owns the device, and that means the IT department now has a greater responsibility than ever before.

Consumer devices often represent the weakest link in data security

Personal devices have a greater risk of contracting viruses and other malware transmitted through email, web browsing, social media and personal apps. In the U.S., smartphone users access an average of 26.7 apps per month, according to a recent Nielsen analysis. Most of those apps are vulnerable to hackers and other threats. A recent HP study found that 86 percent of mobile applications failed to use even basic protections against modern-day attacks.

Personal devices used in the workplace are also unlikely to have up-to-date security controls in place. The responsibility for updating these devices and installing security patches often falls not to the IT department, but to the owner of the device – the individual employee. If an employee doesn't maintain the necessary updates, or isn't aware of them, it creates an instant security risk. The problem is exacerbated when employees use older devices that are less safe because the necessary software patches are no longer supported.

IT departments have less control over which devices are used in the workplace

Complicating the issue is the wide variety of devices and software brought to the workplace by individual users. IT departments can find themselves stretched thin trying to deploy and manage the tools they need to protect data from malware and hackers. This puts increasing pressure on IT to secure mobile devices that don't actually belong to the construction company. In many cases, this can complicate troubleshooting tasks and stretch out issue resolution times, dragging down productivity.

Small and medium-sized construction firms often lack the necessary in-house resources to compensate. They are faced with the unpleasant choice of spending more on IT support overhead or cutting back on necessary security efforts.

Are the efficiencies of BYOD worth the risk?

Despite the security drawbacks, BYOD policies can result in significant savings for construction companies who adopt them. A recent study by Cisco places the annual savings of BYOD between $300 and $1,300 per employee, depending on the individual job role. BYOD not only spares a company from the expense of providing the devices in the first place, it also saves the cost of future repairs and replacement.

BYOD also reduces training time, as employees are able to use the devices and apps that they are most comfortable and familiar with. A study by HP found that employees report 33 percent higher job satisfaction when using their own devices.

best practices help eliminate the risks of BYOD

Today, more and more construction companies are working with managed IT service providers to mitigate the risks of BYOD while retaining the significant cost savings and boost to employee productivity. Managed IT service providers typically store a company's data on a remote server. Individual users then access their apps and data through a portal, so that no data is actually stored on a personal device. Since the data is stored and accessed remotely, the threat of infection or data loss is virtually eliminated. As a result, construction companies experience less downtime, since employees can access their workspace from anywhere, on practically any device. Construction companies also see cost savings as IT management overhead is significantly decreased.

In addition to storing data remotely, a reliable managed IT service provider will also conduct an up-to-date risk assessment, review current security policies, find vulnerabilities in a company’s system and identify potential threats before they become a problem. Working with a managed IT service provider helps construction companies develop an effective BYOD policy that saves money and gives employees the satisfaction of using their own devices in the workplace, all while keeping company data safely protected.