BYOD Security - Keeping Your Device Secured
What is BYOD?
As office culture changes and working from home becomes the new “normal”, one must consider the necessity for employees to utilize their own devices and equipment. The “Bring Your Own Device” (BYOD) concept is bringing about new and exciting communication methods, and if implemented correctly, can be a cost-effective change to your business model. In fact, research proves that BYOD generates $350 of value each year per employee. Employees are more productive using their own devices compared to their colleagues who use company hardware. On average, a BYOD-carrying employee works an extra two hours, and companies gain an extra 240 hours of work per year. Over half (69% to be exact) of IT-decision makers in the U.S. say BYOD is a good strategy. However, with these recent shifts in workplace culture, there is now a critical need to take precaution in protecting your client’s data, arguably a company’s most important asset.
Security Policies and Guidelines
Of course, for employees to get on board, trust must be built. Acceptable use guidelines are what prevent viruses and malware from entering a system. By blocking unsecured websites and apps, as well as “time wasting” websites (i.e., Facebook and YouTube), your network becomes more secured while productivity and focus are maintained. Employees need to be informed of why these restrictions are being put into place alongside the ability to use their devices responsibly. After all, it’s just business.
When defining the acceptable use guidelines for you company, address the following questions with your IT leadership team or managed services provider:
· Which and what types of apps are employees permitted to access from their personal devices?
· Which websites should be banned while a device is connected to the corporate network?
· What are the policies regarding the storing/transmitting illicit materials or engaging in outside business activities on an employees’ personal device?
From there you can build the security policies based on the answers to those questions, your company’s industry, and business size.
Both security policies and acceptable use guidelines are the bedrock foundation to a secure work environment for any company implementing BYOD. An unsecured device browsing unsafe websites is a prime target for cyber-attacks and stolen data. When creating a safe and secure working environment consider the following.
· What are the minimum required security controls for devices? (This includes data encryption and password requirements.)
· Use of strong, alphanumeric passwords for all smartphones, laptops, and tablets.
· Where will data from BYOD devices be stored? What types of information can be stored locally, in any?
· Will you enforce inactivity timeout controls so that devices are required to lock automatically after being idle for a defined period?
· What company-provided components are available (i.e., SSL certificates for device authentication?)
· What are the company rights for altering the device (i.e., remote wiping for lost or stolen devices?)
Mobile and Network Security
Another important aspect to secure your business’s data while moving towards a BYOD culture is mobile and network security. Though holding employees accountable to follow company policies online is crucial, it is still necessary to make sure their devices and internet service are both secured with a PIN or password that is not easily guessed. Additional protection can be provided with a secured, encrypted VPN for employees to access prior to checking their email or other company systems. It is also great practice to educate your employees on the dangers of phishing emails, how to detect one, and how to report an email as phishing. After all, 94% of malware is delivered through email. The purpose of implementing these security measures is so hackers and cyber criminals have a harder time accessing your data. Essentially, you are fortifying your virtual defense.
The Future of How We Work
By designating technology use policies for employees as well as investing in both physical and cyber security measures, an effective work from home business model is certainly possible. BYOD and the ability to remotely work have brought unique opportunities to create a better work/personal life balance that were not always available. Many tasks can easily be fulfilled by utilizing video collaboration, various email or messaging services, and file sharing services thus improving efficiency. With all these benefits, it is no secret as to why so many businesses such as Apple, MobileIron, Google, and so many others have already incorporated BYOD policy into their work culture.
Is your company interested in BYOD? Contact us today at mobilesecurity@lionaenterprises.com to start the conversation.