December 4, 2017 –
BYOD (Bring Your Own Device) has become more and more popular with small and midsized businesses. When employees supply their own mobile devices and laptops it can be a great benefit for your business in terms of cost savings. Plus, employees get to have the device of their own choosing. (For more on the pros and cons of BYOD, see our blog post from last week).
When implementing BYOD, one of the cons we highlighted last week is security issues. To reduce the risks (and the costs) we recommend small and mid-sized businesses take an approach that includes the following areas:
Create a BYOD Policy
Before implementing BYOD, it’s important to set up the policies you will put in place for your organization. A BYOD policy will address questions including:
- allowed device types,
- what information/areas/applications employees will be able to access via the device,
- permitted and disallowed apps,
- and what personal data will be collected from the device by the business.
A strong BYOD approach also requires employees to sign an acknowledgement that they have read and understand the policy. This acknowledgement will outline the acceptable uses including guidelines for personal use on company time, website access rules, security policies, use of cameras while onsite (particularly for secure/confidential areas of the facility), allowed applications, and zero tolerance policies for texting while driving.
Set up BYOD Security Measures
There’s a wide array of solutions available to support proper security on employee-owned devices. Whether you’re using a fully automated solution or addressing security issues manually, you need to be sure you have the following areas covered:
- Track and Register devices connected to the network and accessing applications (including email)
- Set up devices to be wipe-enabled, so if they are lost or stolen the corporate data can be remotely removed.
- Require passwords and auto-lock standards to improve on-device security
- Install VPN technology on the device
- Require encryption software on the device
- Separate the personal data from the corporate data using Enterprise Mobile Management solution. IT personnel can selectively mange (and wipe if required) the corporate data, leaving the personal data and applications untouched.
Train Your Users
While proper employee training is important in order to achieve peak performance from your team, it is a mission critical requirement if you’re going to successfully implement BYOD at your small or mid-sized business. The training employee must educate your team on:
- How to security access and manage corporate data accessed via the device
- What applications are approved to use versus those which are restricted due to security or other company policy requirements
- Guidance on the use of public WiFi networks
- How to set up security on the device including password policies, auto-lock features, and more
Ongoing Monitoring and Management of Devices
After implementing BYOD, you must continually monitor and check that employees are complying with policies and the latest security measures are kept up-to-date and still active on the device. There are a variety of software solutions that can help to automate the BYOD process for businesses. At a basic level, there are solutions which will monitor, management and secure the employee’s mobile device. These solutions also track usage, ensure the latest operating system files are installed, and confirm encryption software is operating correctly. More advanced solutions expand out into managing all types of endpoint devices including desktops, IoT devices, and mobile devices all from the same software platform.
Regardless of the software used, or how far you want to go with BYOD, it’s important to tread carefully. This isn’t an area of your business where you want to just “give it ago”, open up the network and see how it goes. The IT leadership team should carefully plan the approach, enact the policy, secure employee agreements, and manage and monitor the environment to ensure ongoing compliance with the BYOD approach.
For more insights on how to implement BYOD successfully in your business, please feel free to Contact Us.
- The AccountabilIT Team