This work-anywhere employee perk can become a security nightmare for IT without a strong BYOD policy
Many organizations have found that allowing employees to use their own devices at work leads to increased satisfaction, greater responsiveness and better accessibility to workers. While this is all good news for employees, it creates a challenge for IT personnel who are tasked with allowing employee owned devices without compromising the safety and security of their companyâs data and infrastructure.
More Stringent Policies Needed With BYOD
Gartner predicts that by 2018, the number of employee-owned devices used for work will be double the number of company-owned devices. Yet a 2014 security report published by Check Point Software indicates that most companies struggle to securely manage employee-owned devices. A staggering 95% of the 700 IT professionals surveyed indicated that developing and supporting a BYOD was a struggle in their organization.
Significant problems can arise when allowing employees to use their devices for both corporate and personal use. While most corporate owned devices use disk encryption and authentication methods to protect devices and data, BYOD smartphones and tablets often donât have these extra layers of security in place.
Guidelines for Crafting BYOD Policies
Use these guidelines to ensure your organization is ready to handle the security threats that BYOD policies may introduce in your workplace.
- Determine which devices are allowed to which employees
One of the most important components of any BYOD framework is identifying and communicating the types of devices that your company is planning to support. Who will be allowed to use their personal devices? Which devices will you support? For example, you may support either iOS, Android or both. These questions are incredibly important because the answers will ensure your employees understand what type of devices will be supported on the corporate network.
- Establish a robust security policy across devices
When users operate their personal devices, they will often avoid using any type of password or lock screen, which can introduce major security vulnerabilities. Even if employees argue against these security measures, itâs important that your IT team stay vigilant to ensure employees are following through with implementing this additional layer of security.
- Identify what apps you will allow
With new mobile apps being released on a daily basis, employers must ensure theyâre staying up to date on which apps will be allowed on employee owned devices. List which applications are required to be on employee-owned devices. Also consider which apps should be prohibited for security reasons.
- Determine who owns what data and apps
When your employees choose to use personal devices for work related tasks, they will obviously have certain data and apps that are not related to your company. The complications with this approach usually arise when a device is lost or stolen and therefore needs to be wiped clean remotely. In these instances you want to have a strict policy as to how this situation is handled. If your policy is that all devices that are lost or stolen are wiped clean, youâll want to ensure your employees understand the ramifications of losing personal data.
You should consider MDM (mobile device management) software, which will allow you to destroy all company data while leaving personal data intact. It can also be used to restore factory settings, which will wipe both personal and company data from the device, or even to wipe out the entire contents of the device, which will render it completely useless.
- Have an employee exit strategy
With employees using personal devices at work, itâs important to also have a policy in place that addresses the issues that will arise when someone leaves the company entirely. Some companies merely shut off access to email and synchronization services while others require a full wipe of a BYOD-enabled device. Whatever policy suits your company, make sure that your employees are aware of how it will affect them if they leave the company.
BYOD Policies Need to be Flexible
As technology evolves, your companyâs BYOD policies will need to evolve as well. Creating a framework for your BYOD policy, youâll be able to better control your private information and respond to changing security requirements based on emerging trends. For help establishing a robust framework and BYOD policy, request a consultation with our mobility experts today.