Sound BYOD policies are important to the success of an organizationâs mobile workforce.
Smartphones and tablets are standard tools used by employees to store sensitive business data as well as perform a variety of functions including email while on the move. With employees always wanting to have the latest gadgets, employers have began to implement BYOD policies that allow workers to use individually owned devices to handle work functions. While this may be more convenient for both the employee and employer it can bring about certain security risks that should be addressed in the workplace. Companies allowing employees to use their own mobile devices should take note of these policy guidelines and use them when drafting their own BYOD policies.
Screen lock passwords are required
A screen lock password is an extremely basic level of security, yet many people neglect to turn this feature on. Ensure your BYOD policies require all employees to utilize screen lock passwords to help protect against data theft.
Rooted or jailbroken devices are never allowed
Jailbroken or rooted devices should be considered to be security threats within an organization. These devices can be subject to security vulnerabilities as well as viruses and malware that secured devices are not.
Devices must receive latest OS patches
To stay ahead of the latest threats to mobile devices, employees should be required to have the latest operating systems, regardless of device type. Many of these periodic updates resolve security issues and should always be installed. Some mobile security management solutions offer the ability to push OS updates and update policies to always ensure that devices have the latest available updates.
Companies should use a mobile security management solution
To enforce BYOD policies at the application, device or document level, organizations must use a mobile security management solution. These solutions restrict access to critical corporate data on devices that have not been properly enrolled and vetted.
Business data should be kept separate from personal data
Most mobile management solutions have the ability to wipe data from devices, which makes it important for organizations to use sound app planning and storage processes to ensure that there is a separation between personal and business data.
All corporate data should be encrypted
Any corporate data that is to be accessed on BYOD devices should be encrypted to prevent data from being available in readable form.
Require occasional re-authentication
Occasional re-authentication offers companies the assurance that a user is legitimate. Not requiring re-authentication opens up serious security vulnerabilities, especially when it comes to devices that may be lost or stolen.
Custom profiles based on device type and manufacturer
Because of the many differences between mobile devices, itâs important that separate security policies are used based on device type and manufacturer. Using generic policies can leave major security gaps, which create unnecessary vulnerabilities on an organizationâs network. Many mobile management suites have a variety of profiles for different device types and manufacturers. If a device is not supported by the policies of a mobile management suite, it should not be supported. Period.
While users want the freedom to bring their own devices in todayâs workplace, with this freedom comes great responsibility. Companies must implement ever-changing BYOD policies to ensure that their corporate data does not become compromised. For help establishing a BYOD policy for your organization, or for answers about any aspect of security in mobile work environments, contact our experts today.
- September 2018 (1)
- August 2018 (2)
- July 2018 (2)
- June 2018 (3)
- May 2018 (2)
- April 2018 (1)
- March 2018 (2)
- February 2018 (2)
- January 2018 (1)
- December 2017 (1)
- November 2017 (2)
- October 2017 (2)
- September 2017 (2)
- August 2017 (2)
- July 2017 (2)
- June 2017 (1)
- May 2017 (3)
- April 2017 (1)
- March 2017 (3)
- February 2017 (2)
- January 2017 (3)
- December 2016 (2)
- November 2016 (2)
- October 2016 (3)
- September 2016 (1)
- July 2016 (1)
- June 2016 (3)
- May 2016 (2)
- April 2016 (5)
- March 2016 (2)
- February 2016 (1)
- January 2016 (4)
- December 2015 (5)
- November 2015 (5)
- October 2015 (5)
- September 2015 (4)