The BYOD (bring your own device) system is practiced by many business big and small these days, however, if good security measures aren't implemented and adhered to your sensitive data can be vulnerable. Even with good employee compliance and security firewalls, sensitive data can still leak out.

There are three areas to managing and maintaining a BYOD plan:

Governance and Compliance
In a survey conducted by Becker's Hospital Review, of 421 organizations, 68 percent used a BYOD plan. However, less than 40 percent of that group implemented a mobile data management system. Furthermore, 45 percent of the organizations involved in BYOD plans reported incidents of lost mobile devices containing sensitive work information. Without proper security procedures and compliance rules, you leave your business exposed to leak sensitive data.

Some common security risks occur when:

• Staff members let non-staff people borrow their devices. Leapfrog reports that 46 percent of Americans allow non-company people to borrow their mobile devices. Make sure staff members understand that a piece of the company is on their devices and should be protected as such.

• Staff store their work email passwords on their mobile devices—35 percent of Americans have admitted to doing this. A good idea is to have them write down their passwords in a notepad or in a folder that stays at their office desk and perhaps somewhere secure in their home.

• Auto-lock features are not activated on staff BYOD devices. IT should hold a brief workshop with the staff to go over where these auto-lock features are on each mobile device, which would also be a great time for IT and administration to go over compliance polices and network sharing information.

BYOD Policies and Mobile Device Management

One bad situation that can occur when a business has a lax BYOD plan is that a fired employee could leave with sensitive data on their mobile device. All BYOD companies should have a policy where you are allowed to wipe all BYOD devices when an employee is terminated, and should include penalties for any violation. It's also a good idea to list how many and the types of devices an employee can use so your IT department knows just how many types of devices its dealing with.

Mobile Device Management (MDM) is ideal for dealing with security risks because it allows employers to remotely lock or wipe devices. This could be beneficial if a terminated employee fails to wipe the device or if anyone loses their phone.

Be sure that you and your administrators know the rules and regulations about working on BYODs during non-work hours. Under some state laws, work on BYODs after work hours could constitute as overtime. Refrain from sending emails and texts and calling employees until the next business day.

IT Security

Perhaps the most important step in a BYOD plan is having your IT department set up a solid security plan to prevent infiltration of your business' network. Some common vulnerable items include:

• Public Wi-Fi Hotspots: Public access to hotspots are not secured, thus leaving hackers the ability to infiltrate a private system. If an employee allows his or her mobile device to be stolen, these hackers can wreak havoc for that staff member and your company's entire software network.

• Usernames and passwords: One bad habit staff members have is making a username and password that are the same for all their data storage platforms. If that one password is compromised, so too is the entire system. Change up the passwords by using your favorite sports players and their jersey numbers, pet names or your favorite books. Remember to keep this secure information written down at your office desk or in a folder at home, not in your mobile devices.

• Man in the Middle hacks: Spoofing and phishing are two common ways hackers try to break into a system. Any email or solicitation that asks for money, personal financial information or social media account password information should be deemed highly suspicious and reported to your IT department. These scams can be under both familiar names and unfamiliar names, such as the Internal Revenue Service, so be extra careful in what emails you trust. If something looks and sounds fishy, then it probably is.

• Malware: Simply put, if your business is using a BYOD plan, then the chances of your network getting attacked by viruses jumps significantly, considering how much downloading your staff members will be doing. If your IT isn't installing anti-virus software—BYOD plan or not—then shame on you. This is sensitive information protection 101. The Bitdefender Antivirus Plus earned a perfect review in one survey of anti-malware software, getting recognition for its tools to safely do online banking and shopping.

• Cloud Use: When a company uses a cloud system to store its data, it must find a way to keep staff from uploading sensitive information in apps and file-sharing sites like Dropbox. As secure as these sites and apps seem, IT must be sure to have a firewall on any backdoor access hackers could get into.