IT Security

Tips for safely implementing BYOD

by Mark Rowe

Bring Your Own Device (BYOD) has become a popular modern practice in recent years, allowing employees to work from their own smartphones, tablets or laptops, in and out of the workplace.

Incorporating this procedure brings several benefits, including employee flexibility, cost savings, increased productivity and attracting a younger, tech-savvy crowd. However, with BYOD implementation come several barriers, the most significant of which is a threat to company security. Devices can, of course, be lost, stolen or hacked, putting sensitive company data at risk. Northdoor, a UK IT security consultancy, discusses several ways to safely implement a company-wide BYOD policy.

Create a thorough policy

As there are likely to be many different employees sharing files, distributing data and handling sensitive information at any given time, a stringent BYOD policy is essential. This should outline proper device usage and include important guidelines regarding passwords, the need to keep personal devices updated with anti-virus software, and only allowing authorised devices to connect to the company network. A BYOD policy should be easily accessible and understood by all employees. The easiest way to ensure understanding is to schedule training sessions for all staff, which aim to educate them about the risks and how to prevent them. Additionally, with the recent introduction of GDPR, a BYOD policy must comply with data protection legislation.

Control access and usage

Limitations need to exist over who can gain access to data, as well as the specific access levels granted, based on employee job roles and responsibilities. A list of authorised personal devices linked to the company network should be kept well maintained and updated regularly. This ensures the source of a breach can be easily traced, so that access can be quickly restricted. All authorised devices must be connected to a single, secure, cloud-based service. Businesses can use virtual private networks (VPNs) and encryption to help effectively implement BYOD, so that personal devices are able to easily connect with sources of data whenever necessary.

Other ways to secure and control access include clarifying which apps employees are and are not able to use within the workplace on such devices, as well as defining restrictions when sending e-mails, such as the maximum file size allowed to be sent in an attachment on a personal device. You must also stress the importance of employees keeping their devices updated with the latest security and anti-virus software.

Tight password controls

Having steps in place to ensure passwords are as strong as possible and changed on a regular basis adds another layer of protection to your BYOD implementation. A two-factor authentication process for any corporate network access can also be mandated by the IT department and will provide a much greater safety net.
While employees may not be fans of these frequent precautionary measures, they are certainly very important for business security.

A secure exit strategy

IT departments should also have a solid plan in place for employees who are leaving the company. There needs to be a way in which sensitive data can legitimately be retrieved from personal devices before employees make an exit. According to a report on BYOD, only around one in three employers think about this step and actively work to remove sensitive data from departing employees’ devices using a remote wipe. Failing to do this obviously puts businesses at greater risk, which is why it is a crucial step in avoiding potentially devastating data breaches.

Adopting BYOD

According to research, 49 per cent of companies rejecting BYOD did so because of their concerns over support from IT departments. As such, for this type of policy to be effective, both employees and IT departments need to reach a point where they are willing and able to effectively work together, while balancing the important notions of company security and employee flexibility.

Decision-makers can secure IT department support by adhering to all the points above, demonstrating how seriously they take the very real security concerns associated with BYOD adoption.

That being said, there are a significant number of businesses of all types and sizes which successfully manage to make a BYOD strategy work without issues. However, company-wide adoption can only be effective where a solid, stringent policy exists surrounding its use, under which every employee is aware of their responsibilities and the consequences which could occur as a result of its misuse.

© 2024 Professional Security Magazine. All rights reserved.