Editor’s note: In response to the coronavirus pandemic, TechGenix is republishing a selection of recent articles, tutorials, and product reviews with relevant information for IT admins as their jobs change dramatically. This article, originally published April 13, 2018, looks at “bring your own device” (BYOD) policies, which many IT pros are currently being forced to administer on the fly.
Bring your own device (BYOD) programs have gained popularity among enterprise organizations and smaller companies, and all signs point to this trend finding more adopters as the years go by. And why wouldn’t they? After all, a Sapho research found that the average worker saves nearly 81 minutes a week in terms of productivity when using a personal device at work. Moreover, 78 percent of staff say that a BYOD program allows for a better work-life balance.
Combine these statistics with the positive impact of a BYOD program on company financials, and it is easily understandable why many leaderships support the implementation of BYOD.
However, there are still some concerns regarding internal governance, security breaches, device management, and other possible complications. To overcome these issues in their BYOD policy, companies must check the major elements listed below:
All BYOD program rules must be written in a clear way
The first thing you need to do is decrease IT costs by reducing risky behavior on the part of end-users. And that can be achieved by stating the do’s and don’ts in your BYOD program clearly. Include all the major points in writing, including blacklisted apps and programs, jailbroken phones, and other prohibited devices, privacy disclosures, and procedures for the theft or loss of devices.
Add contingencies so that all data on a stolen device can be wiped or the company can access a limited amount of personal information to protect the private lives of the employees.
Make sure all of the issues are cleared with the legal department as well as the human resources team so your company does not end as the target of a lawsuit. The goal is to set up the BYOD policy as a “working document” — one that is updated constantly to reflect the changing technologies and programs within the company. Nothing should be so rigid!
Keep the presentation formal
Your company should make all employees sign off that they have read and are comfortable with the BYOD policy being implemented.
If necessary, provide online or formal classroom training to ensure compliance and comprehension, especially for the members of staff who are not tech-savvy and do not realize how seemingly harmless actions can expose the company to risks and attacks.
Every employee of the company should be handed a copy of the BYOD program in writing, and as an added measure, you should post the document online on the company Intranet as well.
Set the minimum-security standard
Work closely with the IT personnel in your company to devise the minimum security requirements of the BYOD program, such as the use of lock screens, passwords, encryption, and PINs. Implement programs that offer more control over the devices connected to the company network and enable the segregation of personal data from company data.
Make the BYOD program flexible and scalable
It is your responsibility to ensure that the security software gets installed on new equipment without any hassle. For this reason, cloud-based services are highly recommended. Not only are they compatible with new devices, but thanks to the availability of per-user subscription models, your company ends up saving money by protecting the right thing at the right time.
You should consider any exceptions to the rule, like enabling peer-to-peer networking programs for users who require such tools. Otherwise, an employee might try to find a way to flout the security protocols and use banned apps.
Also, in light of the limitless number of devices and operating systems available to users, it might be better if companies limited the types of equipment they want to support (they probably don’t want to support your Xbox!). This kind of security measure will provide the organization with greater control, allowing it to streamline the security approach as well as the collection and management of data.
Protect against as many threats as you can
The written policies for the BYOD program must include safeguards against risky behavior, like opening an attachment in an email sent from an unknown source or visiting unsafe websites. Install antivirus software, if required, and block unauthorized access.
Clearly state how workers can back up their private data in the BYOD policy. Also, be sure to inform your employees about seemingly harmless exploits, like using a fake antivirus scanner and phishing attacks.
When you install a reliable and effective endpoint protection program, not only will it alert users against such lesser-known threats but send regular updates on how best to protect their BYOD devices (and, no, this does not include your music player device so you can listen to more Lady Gaga!).
Owing to the rapidly evolving nature of BYOD law and technology, your company must regularly review the BYOD program and revise it if required. The best part is that none of these plans cost a lot of money. All that needs to be done is to stay abreast of the latest threats and set up a strong communication system.
Provide support for remote control and monitoring
Most companies are unable to determine which BYOD devices are accessing the corporate systems. In this situation, a third-party mobile device management tool (MDM) comes in handy. MDM services provide a host of benefits, including policy enforcement, malware blocking, remote wiping, logging, and encryption — usually from one centralized platform for the benefit of the end-users.
Devise a bring your own device strategy for staff departure
Implement protocols that need to be followed in case an employee with a BYOD device decides to leave the company. These protocols should not only address privacy issues related to personal data but also offer the opportunity to remotely access data and track the device via GPS before the employee leaves the company.
Employees must disclose all information connected to the personal devices they are using before leaving the company so that you can be sure that no information is misplaced or lost.
The way things are right now, it is not possible for the company to ignore the BYOD trend. What you can do instead is leverage the advantages offered by the program and minimize the possible pitfalls.
It’s not a fast or simple task, but one that is necessary if your business is going to safeguard all its data and systems from attacks and breaches while providing workers the convenience and freedom they require.
Photo credit: Pexels