When executed correctly, a company bring-your-own-device (BYOD) policy offers benefits that far outweigh the potential data security risks. Employees feel more comfortable and productive working on familiar devices, and BYOD cuts down on device and software costs.
Here are five tips any organization can use to implement a secure BYOD policy.
1) Establish Security Policies for All Devices
Before you give employees the freedom to access company resources from anywhere, set stringent security guidelines including:
- Minimum required security controls for devices, such as data encryption, inactivity timeout controls, and strong alphanumeric passwords.
- Guidance on where data from BYOD devices will be stored and what types of information can be stored locally, if any.
- Whether your IT team is permitted to remotely wipe the device if:
  - The device is lost
  - The employee terminates his or her employment
  - IT detects a data or policy breach, virus or similar threat to the company’s data/infrastructure
2) Acceptable Use Guidelines
Acceptable use policies help prevent viruses and malware from entering your system through unsecured websites and apps. Guidelines include:
- Clearly outline what types of applications and sites are allowed and restricted.
- Outline what company-owned assets users can access on personal devices, such as emails, calendars, documents and contacts.
- Implement restrictions on employees storing/transmitting illicit materials or engaging in outside business activities on their personal devices.
3) Use Mobile Device Management (MDM) Software
MDM software lets you monitor, manage and configure all BYOD devices from a central location. MDM software gives your IT team the power to:
- Automatically back up intellectual property at a prescribed frequency via the cloud
- Perform vulnerability scans and block potentially compromising devices from the network
- Keep anti-malware applications updated
- Perform updates and patches remotely
- Wipe lost or stolen devices remotely
- Contain threats and minimize damage quickly in the event of a breach or attack
4) Communicate BYOD Policies to All Parties
BYOD policies are only successful if the people using them understand the requirements. The best way to clearly communicate your policies to all parties is by investing in ongoing employee security training.
Make sure all users sign an agreement acknowledging that they have read and understand your BYOD policy. This will protect you from liabilities associated with employees who engage in illegal or inappropriate behavior on their BYOD devices.
5) Set up an Employee Exit Plan
At some point, employees with devices on your BYOD platform will leave the company. Failure to remove their access to company networks and data can lead to security issues down the line. Make a BYOD exit checklist part of your exit interview. The checklist should include:
- Disabling company emails
- Wiping company-issued devices
- Changing the passwords to all their company accounts
With a secure BYOD policy that covers all the bases, you can empower users to work more productively, increase employee satisfaction and prevent costly data breaches and malicious attacks from damaging your organization.
MXOtech is a technology consulting company that delivers Managed IT Services, Custom Web Application Development and System Integrations. Started in 2005, and built on the core values of clarity, inspiration, trust and accountability, MXOtech works every day to help their clients use technology to grow their businesses.