For some companies, letting employees bring their own devices to work on and connect to their secure network seems like the scariest thing since the Y2K panic. But however worrisome the unknown is, staying on top of technological trends is crucial for companies to keep their security up to date.
With the rise of mobile and cloud technologies, many businesses are incorporating BYOD policies to better manage their enterprise infrastructure. Here are 7 ways to carry out both a successful and secure BYOD program.
Specify Permitted Devices
In your policy, it needs to be clear what devices your company and your network will support. It might seem unfair to discriminate against certain devices, but some devices are simply more risky than others. In fact, some devices, especially outdated phones, would be hard to synchronize to the network, so disallowing those could be a practical decision in addition to making your network more secure.
Grasp Mobile Device Management
Many companies worry about the (perceived) inherent risks that come with the implementation of a BYOD program. However, if companies team up with their IT departments to create a secure and manageable network, then risks are greatly reduced. With this secure network, it’s important to create policies letting employees know what actions are and are not allowed through the network. Because employees are using the company network, companies should make it clear that network activity will indeed be monitored for security purposes.
A great option for MDM systems is the cloud. Cloud-based MDM systems allow access to files and other important documents via a secure program from secure smartphones like BlackBerry 10 phones or tablets. Some of these cloud systems provide access to log files, so that companies can check detailed history of employee usage. This log file will give the company peace-of-mind, knowing they can watch sensitive documents.
Secure Physical Devices
Initial device security policies should be implemented and understood by all employees. To ensure devices aren’t physically compromised (which, in turn, compromises the company’s security), screens should be locked with an enforced, complex passcode that results in the device being wiped if too many repeated failed attempts at the passcode occur. Passcodes should be alphanumeric, as opposed to a simple 4-digit PIN. Other policies to enforce: application data shouldn’t be copied over to the physical device, and if loss or theft of the device should happen, the device should have the ability to be wiped remotely by your company’s IT department.
Permit Personal Data
Because allowing a BYOD policy in the office offers a sense of freedom for employees, it would be harmful to employee morale if companies didn’t allow their employees to keep personal data like photos, media, text messages, personal emails, and other apps on their devices. Understanding this, companies also need to make sure there’s security for employees’ personal data, which means security from the company monitoring it. This also means that, if possible, personal data shouldn’t be wiped from phones when corporate data is wiped.
Have a Plan for Approaching Security
There are several different approaches to monitoring and securing a BYOD workplace. Some approaches work, and some approaches fail. There’s the frugal approach wherein IT isolates all tablets and smartphone devices to a separate virtual private network, or VPN. The problem with the frugal approach is that IT lacks visibility to track the top bandwidth consumers, so in a sense, they’re just repurposing tools that already exist, instead of creating a network with mobile management capabilities.
Another option is the “Big Brother” approach. This approach is both costly and timely. However, for larger companies and public organizations that are willing to spend more money on dedicated mobile management capabilities, this approach fits well into their BYOD plan. The Big Brother approach allows IT to track mobile devices to make sure all corporate policies are being followed.
A third approach is the Wireless Pane of Glass Approach, which focuses on managing wireless infrastructure while also noting who is using their network and why they are using it. The capabilities of this approach allow visibility of users within the company, and from remote locations. Though to some this raises concerns of privacy, it is should be a priority for IT to monitor and protect their network regardless.
Because not all approaches allow for specific wiping of company-only data, that means personal data could be wiped from the phones as well. Companies need to make it clear under their policy that devices brought into the network could suffer from a complete wipe. To ease concerns, companies can show employees how to back up all their personal data, so that it may be restored in the case of a complete data wiping.
Discuss Allowance of Apps
Though these devices are the personal property of employees, compromises with the company must be made for security reasons. The usage of apps (such as those used for social media and streaming services) should be addressed outright in your policy plan. Since BYOD essentially allows employees to use their personal device in the workplace, it’s a good idea to have management set ground rules for apps and data usage in order to maintain steady productivity.
Have a Plan for Incidents
As everyone knows, accidents happen. By implementing an incident response plan, companies can prepare for any possible scenario where a breach of security or a device is lost or stolen. This plan should cover issues determining how to make sure data is deleted from the personal device of an employee who has left the company, allotting a timeframe for an employee who has lost or had their device stolen to notify the company, and designating responsibility for the replacement of devices.
You’ll need to create a policy for damaged devices, as well, thinking about creating a policy concerning loaner phones for employees who loose or break their phones. Instead of worrying about the “what ifs,” companies can rest assured knowing they have policies in place for any possible situation.
Just because BYOD policies are new, that doesn’t mean that they need to be scary. By actively preparing for the transition into a company-wide BYOD policy and for the possible problems that accompany any new system, organizations can stay current with the changing technological era while keeping their employees happy and their budgets comfortable.
What’s the most difficult and troublesome thing you think could happen concerning company-wide implementation of BYOD?
Published: August 29, 2013