IT Strategy: Lower Security Risks of Bring Your Own Device

Contact Us Today!

“Bring your own device” (BYOD) is a popular system that many companies have implemented. It allows employees to bring in their own devices, instead using company issued ones. Last weeks article: “Security Analysis of Bring Your Own Device” looked into the potential for a security breach associated with such a program. This week will discuss ways to lower the potential risk within BYOD companies. 

Device SecurityCreate and/or Review BYOD Policy

A BYOD policy must be created as soon as possible. In a typical work environment employees will desire to use their personal devices over work ones. IT Management must have policies in place regarding personal devices on the company network, as well as work related data on personal devices. 

If there is already an existing BYOD policy, ensure it is reviewed annually, as the tech landscape changes rapidly. New operating systems, programs, and devices must be tested before being allowed the same access as proven systems. 

 

Security is Top Priority

As with any policy relating to potentially sensitive data, security comes before ease of access. Any user of potentially sensitive data must accept that there will be comprises made in order to be allowed access to the company data. Consider making users of a BYOD system sign a contract, making them responsible for uploading security. These compromises could consist of:

  • Delayed access to updates that change the core functionality of a device (Such as operating system upgrades)

  • Limited supported device library

  • Limited BYOD support depending on role within company. A trusted executive may not knowingly reveal sensitive data, but his device is a target for viruses and and snooping software.

  • Block access to open and unsecured networks, such as public ones at coffee shops or malls. If those networks must be accessed, then make use of a private VPN mandatory.

 

Create List of Supported Platforms

Not all platforms are equal in terms of security. On a security level, closed ecosystems are much more favourable then open ones. Both mobile and computing platforms are also highly fragmented in terms of features and support. Ensure that each platform is verified on an individual basis. 

Mobile Device Management

Smartphones and tablets are the source of highest risk for leaking sensitive data, since they have the highest chance of being stolen or misplaced. At the very least you’ll want the ability to:

  • Locate the device in a web browser using GPS 
  • Remote lock the device
  • Remote wipe the device


Mandatory Password Protection and Encryption

Re-enforcing the idea that security is top priority, ensure that all devices, mobile and desktop, utilize password or PIN protection. If possible, devices should also encrypt their data. Apple computers running OS X 10.3 or later, or Windows computers running 8.1 or later have built in encryption settings that are easily enabled to improve security.

Conclusion

BYOD is an attractive idea that has become common place in many companies. It is not without significant security risks, which must be addressed before implementing a BYOD system. A BYOD system can remain most secure with a proactive approach to security, and ensuring that policies remain current and relevant. If this approach is taken, then a company can be confident that its data will remain secure.



Is there an article you’d like to see us write? Click here to email our writers, and let them know what you’d like to see written about.

 

Read More Articles

Contact Us Today!

 

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

Twitter Facebook