With the increased reliance and necessity of having mobile computing, it’s no wonder that a BYOD (Bring your Own Device) policy has become quite popular with many companies. The cost and inherent difficulty for IT departments to keep up with every technological shift has made employees yearn for their own devices.
From laptops to tablets to smart phones, it can be hugely beneficial for employees to be able to work on the device of their choosing. The familiarity, advanced technology, and accessibility of modern mobile devices are empowering employees to do their best work.
However not every aspect of a BYOD policy is a no brainer. Arguably the biggest drawback is the security risks that come along with employees using their own devices.
“The advent of BYOD has delivered multiple benefits to organizations, such as costs savings, work flexibly and increased employee productivity,” says Daniel Driver, Head of Perception Cyber Security, Chemring Technology Solutions. “However, organizations face a dichotomy – while mobile technology brings operational benefits, it also introduces the compromise of network security.”
Recent hacks, such as the one suffered by health care insurer Anthem in which 80 million personal records were stolen, are having some employers question the longevity of a BYOD policy. And more importantly, if a hack is just an inevitability with a BYOD initiative in place.
Thankfully, there are tangible ways in which companies can combat the threat of security breaches while implementing a successful BYOD policy.
Passwords and Pins
Though it may scream as the most basic of common sense, a successfully BYOD policy relies on appropriate passwords or pins for all mobile devices.
It is recommended that a different password be set for each and every device and account that will be in use. If they aren’t a hacker that accesses one device may then gain access to them all.
Passwords should be unique and feature many different characters for each device, also keeping in mind that passwords should be changed at least every 90 days.
Manage Connectivity Concerns
One of the main issues seen in companies with BYOD policies is the security risks that ensue when users connect their devices to unsecure networks. Devices often connect to a WIFI network without the user knowing, which creates a vulnerability issue.
“Once a mobile device has left a network, the organization has reduced control over what it does, it is therefore vital to assume that the security of every device has been breached – and manage network security accordingly.” Says Driver.
This is solved by having all employees turn off the WIFI and Bluetooth connectivity when not in use, as well as setting devices to require permission to join networks – instead of automatically joining.
Since employees are used to being able to use their devices as they see fit, they can put the company at risk when behaving as they would in the comfort of their own home. One way this mindset has caused issues for companies is through downloading and using apps.
The key here is to implement a strict list of approved applications that can be downloaded on to their devices for use in the office. This will greatly decrease the chance of viruses and possible data theft.
Companies have to take the proper precautions in regards to sensitive information on employee’s mobile devices. That means considering how you can remotely wipe sensitive data off an employee’s device.
“If you intend to retain any control of company data (which is, of course, crucial), you will need to select and implement a mobile device management (MDM) solution. This will give you control over employees’ mobile devices and (importantly) the means to remote wipe them if they are lost or stolen,” says Ben Taylor, the Security Specialist at BestVPN.com.
“This is where the compromise part comes in, because it is at this point when some employees may start to see a negative to being allowed to use their own devices, most likely at the point where it becomes clear that the IT team need to install something on their device to keep company data safe.”
Communication and education with your employees is key when it comes to this step and can actually help drive home the more basic security tips.
As BYOD policies have the capacity to become the rule and no longer the exception, it’s never been more important to define a clear and logical plan for employers and employees alike.