There’s no question that it’s valuable for an employee to use their personal tablet or smartphone at work. It eliminates the overhead expense of a company purchasing a cell phone, paying for an additional line of service or the capital expense of investing in separate tablets for the employee. But Bring Your Own Device (BYOD) needs to be closely managed in order to be secure. Many businesses struggle with how to ensure that their network and data can remain secure while employees bring their own machines into the office to plug into their network.
You don’t have the appropriate firewall or router to monitor internal traffic. We delved into this in more detail in our recent blog on firewalls and routers. Perhaps one of the most important things to understand about BYOD is the fact that at any time a device could be plugged into your network that has contracted some sort of virus. Your network should be configured to scan traffic from external devices to ensure that your network is protected against threats from devices coming in from the outside.
You don’t have an acceptable use policy written up. It’s important to set expectations around the use of external technology, approved applications and acceptable use for those devices. It’s important that they are set up with the appropriate security and passcodes to prevent company data from inadvertently falling into unauthorized hands.
There is no remote-wipe capability in place. Picture this: Suzy is using her personal tablet for work purposes. She is diligent with the pass code and understands the acceptable use policy, but she left her device on the airplane on a trip overseas. Despite her best efforts, she cannot recover the device. In this case, remote-wipe is extraordinarily valuable to protect the information on that device. Conversely, if an employee leaves unexpectedly and has e-mail or other company files on their device, you need a way to eliminate that data from the device as quickly as possible. While this is a last-effort option, it’s something that employers should consider depending on the nature of the data that the employee is interacting with.
You haven’t taken the time to educate and train your employees. What’s the point in having an acceptable use policy if you haven’t taken the time to sit down with your employees and make them fully understand those policies? Employee training is very important for ensuring that your security policies are followed and has shown to decrease instances of breach significantly.
You aren’t restricting data flow. Data sharing applications like Dropbox and other File Transfer applications are being used to share data across devices by your employees. By appropriately securing data flow across devices and through cloud-based service applications with containers and management, you can minimize the risk of business data being compromised
BYOD is a must in today’s world of technology. Employees need e-mail on their personal devices and flexibility in where they work. By implementing BYOD and managing it properly from the start, you can ensure that you protect your business data and that employee’s needs. With a little diligent planning, policy implementation, and training your company can significantly reduce the risk of data breaches and information leaks.