Sound BYOD policies are important to the success of an organizationâs mobile workforce.
Smartphones and tablets are standard tools used by employees to store sensitive business data as well as perform a variety of functions including email while on the move. With employees always wanting to have the latest gadgets, employers have began to implement BYOD policies that allow workers to use individually owned devices to handle work functions. While this may be more convenient for both the employee and employer it can bring about certain security risks that should be addressed in the workplace. Companies allowing employees to use their own mobile devices should take note of these policy guidelines and use them when drafting their own BYOD policies.
Screen lock passwords are required
A screen lock password is an extremely basic level of security, yet many people neglect to turn this feature on. Ensure your BYOD policies require all employees to utilize screen lock passwords to help protect against data theft.
Rooted or jailbroken devices are never allowed
Jailbroken or rooted devices should be considered to be security threats within an organization. These devices can be subject to security vulnerabilities as well as viruses and malware that secured devices are not.
Devices must receive latest OS patches
To stay ahead of the latest threats to mobile devices, employees should be required to have the latest operating systems, regardless of device type. Many of these periodic updates resolve security issues and should always be installed. Some mobile security management solutions offer the ability to push OS updates and update policies to always ensure that devices have the latest available updates.
Companies should use a mobile security management solution
To enforce BYOD policies at the application, device or document level, organizations must use a mobile security management solution. These solutions restrict access to critical corporate data on devices that have not been properly enrolled and vetted.
Business data should be kept separate from personal data
Most mobile management solutions have the ability to wipe data from devices, which makes it important for organizations to use sound app planning and storage processes to ensure that there is a separation between personal and business data.
All corporate data should be encrypted
Any corporate data that is to be accessed on BYOD devices should be encrypted to prevent data from being available in readable form.
Require occasional re-authentication
Occasional re-authentication offers companies the assurance that a user is legitimate. Not requiring re-authentication opens up serious security vulnerabilities, especially when it comes to devices that may be lost or stolen.
Custom profiles based on device type and manufacturer
Because of the many differences between mobile devices, itâs important that separate security policies are used based on device type and manufacturer. Using generic policies can leave major security gaps, which create unnecessary vulnerabilities on an organizationâs network. Many mobile management suites have a variety of profiles for different device types and manufacturers. If a device is not supported by the policies of a mobile management suite, it should not be supported. Period.
While users want the freedom to bring their own devices in todayâs workplace, with this freedom comes great responsibility. Companies must implement ever-changing BYOD policies to ensure that their corporate data does not become compromised. For help establishing a BYOD policy for your organization, or for answers about any aspect of security in mobile work environments, contact our experts today.