BYOD Security & Policies

Short for “Bring Your Own Device,” this refers to the practice of allowing your employees to brig their own mobile devices to use with company systems, networks, software or information. BYOD has become a huge trend amongst enterprises with 1/3 of employees using personal devices at workplaces worldwide. While BYOD can be convenient, it can also come with its risks.

The driving force behind BYOD is a new IT self-sufficiency among company employees who already own and use personal laptops, tablets and smartphones.

These mobile devices are often newer and more advanced than the equipment deployed by many IT departments. It’s hardly surprising that the rapid adoption of lightweight Laptops, iPads and large-screened phones are changing the way that people want to work.

While BYOD sounds attractive, businesses need to consider the full implications of allowing corporate data to be accessed on personal devices that they could have little or no control over. What data can employees have access to? What security measures are in place if an employee’s device is lost, stolen or compromised?

Establishing BYOD security starts with policy creation. A strong BYOD policy accomplishes several objectives for the organization. This policy should address basic considerations such as the goals of the BYOD program, which employees can bring their own devices, which devices will be supported, and the access levels that employees are granted when using personal devices. Beyond these factors, more in-depth considerations for BYOD policy include:

• Who will pay for the devices and data coverage required?
• Where will the data be stored (locally, in the cloud etc)?
• What methods will be used for securing devices before they are retired, sold or disposed of?
• What safeguards are in place if a device were to become compromised?
• What happens if an employee were to violate BYOD policy?

Once a policy has been created, maintaining BYOD security depends on an organization’s ability to educate its employees on BYOD best practices. These tips should serve as best practices for end users and IT/Security teams alike:

• Use password protected access control.
• Keep OS, firmware, software and applications up-to-date.
• Never store financial or personal information on a device.
• Back up the device data.
• Control application access and permissions.
• Run mobile antivirus software.

An effective BYOD solution will enable you to secure the data, not just the device. With this approach, IT departments need not worry about compromising security in the name of usability. Employees want to use the devices that they are comfortable with in the workplace. They want to have the same experience at work that they have at home. People are used to using applications now, rather than browser-based solutions. By giving employees what they want, companies will ultimately benefit.