Information for Business from Lenovo
Contributor: ThinkFWD
How to develop a failsafe BYOD policy

How can you prevent BYOD from becoming “bring your own disaster”?

Bring your own device (or BYOD) is the hottest tech security issue right now.

Research shows that the majority of global companies now allow BYOD, with high-growth countries such as China, India and Brazil leading the way.

 

But a huge number of employees engage in risky behaviour on their devices. They use work e-mail for personal activities, fail to verify the security settings of online shopping sites, use Cloud services to send and share work documents without IT permission, and lose their devices.

 

So how can you prevent BYOD from becoming “bring your own disaster”?

 

BYOD basics

Start by identifying what employees are using their devices for, and how your business needs them to be used. Then create a very clear acceptable usage policy, which includes an employee's obligations in keeping the device secure and what happens if they leave the company. Technology can only go so far – user behaviour is critical to maintaining security and compliance.

Employees may not realise that a mobile game they enjoy during a lunch break is able to access their location, address book and calendar, as well as share unencrypted data with half a dozen ad networks. Education is paramount.
 

Keeping data secure

Consider your organisation’s security needs. Will you make a Personal Identification Number (PIN) mandatory? What about encryption to protect any data that is downloaded and stored on the device?

You’ll also need to determine which types of apps you’ll allow users to download to their personal devices. Are there any specific applications or classes of applications you want to limit?
 

Mobile device management

If your security needs are very high, you may need to consider mobile device management (MDM). This involves locking down devices with passwords and encryption, even disabling cameras, as well as remote management features such as remotely locking and wiping data from lost devices.

With this choice, your staff may need to sign a terms of use policy, agreeing to have all data, including personal information, wiped. For some, this option will seem too restrictive and invasive for a device they own.
 

Mobile Application Management

A more flexible approach is Mobile Application Management (MAM). This involves providing secure access to documents and other corporate data from almost any device. The easiest way to manage this is by running corporate applications from the Cloud. This allows companies to determine exactly what apps employees can use on personal devices and centrally manage applications and data access.

It gives IT departments highly granular control and the ability to authorise specific features for different contexts, such as time and location. For example, access to certain data could be restricted to when the device is physically present within the workplace.


Educating users is essential

Responsible user behaviour is key to a successful BYOD strategy. Provide training to make sure staff know how to adhere to your policy, watch for suspicious activity and make the best use of their mobile device for work.
 

The key to a successful BYOD policy is to strike the right balance between flexibility and control. Once you embrace BYOD, make sure you have the right policies in place to ensure it works for your business.

 

This article first appeared for Lenovo here.