20 January 2019
Securing your BYOD policy
Securing your BYOD policy
Work practices have undergone a revolution in the digital age. Networked devices and more mobility have blurred the line between work and home as vast numbers of people perform their jobs across multiple platforms, often far from the office.
An accompanying phenomenon is the bring your own device (BYOD) policy which allows employees to use their own laptops and smartphones in the office or, alternatively, to use those devices to work from home.
BYOD has its pros and cons, and organisations that already have a policy in place or are contemplating implementing one need to tick some boxes to make sure it runs as smoothly and securely as possible.
BYOD has obvious advantages for staff who like the convenience and familiarity of working on their own devices. It could also lead to productivity gains, as users have an affinity for their own personal devices and how they use them.
Personal laptops, tablets and smartphones are usually more cutting edge, given that companies often don't update their desktops for years on end. BYOD also allows staff to carry only one or two devices around with them, rather than different ones for work and personal use.
BYOD policies can save organisations money, as they don't have to spend as much on their IT hardware while allowing workers increased mobility.
Having said that, BYOD practices are not free from security concerns. More and more mobile devices provide greater scope for ways to breach a company's IT infrastructure.
Some employees may not be as stringent as they should be about the information they bring home that could be highly sensitive or confidential. Once they take it out of the office, there's nothing stopping them from sharing it across devices, networks, emails or even showing it to their family and friends.
Disgruntled employees about to walk out the door pose an even bigger threat. If they are leaving to work for a competitor, BYOD makes it easier for them to take intellectual property with them. Alternatively, if an employee uses a smartphone to access the company network then loses it or it's stolen, an unauthorised person could retrieve unsecured data on the device. Staff can also sell their devices or give them away and forget to wipe company data beforehand.
And the necessary
A good BYOD policy should contain two critical components: an application or software program for managing the devices connected to your organisation's networks, and a written agreement that clearly states the responsibilities of employers and staff.
For example, IT departments wishing to monitor the use of personal devices must ensure that they only monitor activities that access company information.
Software developers and device manufacturers are constantly releasing security patches and updates for threats such as viruses and malware. BYOD policies should have the necessary processes in place to automatically apply those patches across all the agreed BYOD devices.
Additionally, organisations can simplify the whole process by limiting the number or make of devices allowed in their BYOD programs and the systems they have to support. Supporting a broad range of devices could become an administrative nightmare.
The IT department should also have permission to remotely wipe the device if it's lost, the employee leaves or if it detects a data breach, virus or any other threat to its infrastructure.
BYOD should satisfy employees and management alike, as long as there's a clear understanding of everyone's responsibilities. Before settling on the best BYOD policy for your organisation, it's worth getting input from HR, IT, finance, legal and anyone else who has a stake in the matter.