So you may have heard of this term: Bring Your Own Device (BYOD). If you haven’t come across it, it simply refers to individuals taking their own smartphones, laptops and tablets to work to connect and ‘sync’ them with the company network.
Clearly this presents businesses with a risk if unsecured computing devices (yes, even small ones) are connected to a firm’s critical business data, whether it resides on the company server or in a cloud-based service.
While BYOD can increase employee productivity and cut costs, for every empowered worker who knows how to handle his or her machine, there is someone who is just not quite sure how to check whether a device is secure or not. So how should this challenge be handled?
Things to consider while developing your BYOD policy:
- Classify data: Develop an accurate picture of what data you have and classify it into one of three categories of sensitivity: low, medium and critical.
- Data search: Ascertain where all business data is kept: which systems, which devices, how it is backed up, and what disaster recovery policies are in place.
- Employee BYOD map: Review how and where employees, contractors and visitors to the business can access, copy, and/or transmit business data.
- Code of conduct and acceptable usage policy: A workable security policy is as much about people as it is about technology solutions. Our Business Resource Centre provides free, common-sense guides to securing your business and working on the move.
- Implement security technologies: Install security on all computers and mobile devices owned by the business, and work with employees to ensure they have installed security acceptable to the business on their BYODs.
Enforcing Your BYOD Policy
So you’ve finished your policy and it’s time to roll it out. What are some of the things you can do to ensure that it has been successfully put into place?
- Set a secure remote access procedure that details the technical steps every user must take to connect their device securely to any company-connected data source.
- Encourage a ‘self-support’ culture that shows BYOD users how to secure their own devices from the risks of malware.
- Where possible, employees can be asked to sign mandatory contracts that provide a company with the right to wipe personal machines that have been used for work purposes in the event of the worker leaving their job.
- Users can agree to install remote wiping software (if available) so that devices carrying sensitive company data can be purged in the event of loss.
- A ‘digital certificate’ (where available) can be installed on every BYOD device so that e-mail and calendaring functions can be authenticated between the device and the company server.