Whether you’re providing company laptops and mobile devices or implementing a BYOD policy to improve flexibility and mobility, it’s important that you consider how to protect your data and IT infrastructure when the devices accessing your network are not entirely in your control.
In this article, we’re going to help you understand some of the key risks of BYOD & mobile access, and provide some practical tips on creating policies and procedures to ensure your data is better protected when accessed off-site.
The Risks of BYOD
- Device Loss and Theft
- Sudden Employee Departures
- Inconsistent Security Updates & Unknown Apps
- Unsecured WiFi
Device Loss and Theft
Devices that can be taken everywhere can be left anywhere – or easily swiped during a moment of inattention. And once access to the physical device is lost, encrypted data or device locking passwords may not be enough to stop curious (or determined) thieves or hackers.
Sudden Employee Departures
If an employee is terminated or otherwise resigns immediately without returning to work, will you be able to quickly terminate access to company accounts and data remotely? Did they download any files onto the device that will remain there even after access is revoked?
Inconsistent Security Updates & Unknown Apps
Does your employee regularly update their OS and applications to ensure the latest security measures are in effect? How will you know? Did they download any additional third-party apps that access or interact with company applications and data? Do they run any security software on their personal devices?
The nature of working from anywhere means employees can and will access unsecured networks to get the job done. Coffee shops, airports, or even home networks can present vulnerabilities for hackers to access company information through unsecured wi-fi networks. They gain access to the device through an unsecured network, they’ll have front-line access to company data.
Practical Tips to Make BYOD & Mobile Access Safer
While these are some of the risks inherent to mobile computing in the workplace, they’re not necessarily deal-breakers - the benefits offered flexibility and productivity potential of mobile computing make it a compelling practice. You just have to be smart about it:
Develop Clear BYOD Policies and Processes
- Be clear what sort of devices are appropriate. Part of the benefit is letting the employee choose, but it should be common sense to check for (and prohibit) jail-broken devices or certain apps that compromise security.
- Have a clear conduct policy with regards to personal devices. This can range from how much monitoring your IT department is allowed to have over their device, which contains their personal information, as well to when and where using the device is appropriate.
- Set clear boundaries. Employees are (justifiably) uncomfortable with their employers having access their personal data, and phones are a goldmine of information - location, personal photos, call logs, and contacts. By making it clear what the company can (and will access or monitor), your employees should be more trusting and transparent with device useage.
Implement Practical Measures
Consider that in 2018 73% of internet consumption came from mobile devices. This is why security surrounding their business usage is more crucial than ever. But how can this be done?
- Deploy Virtual Desktop Infrastructure (VDI) or a mobile device management protocol to separate company data from personal data. Private cloud storage is also a viable option. This has the benefit of protecting company data from outside access while keeping the employee’s personal data separate.
- Mandate strong passwords, enable time-out locking on mobile devices, and have users install certain company-provided anti-virus and protective software.
- Develop protocols for reporting a lost or stolen device right away, which should include temporarily freezing employee accounts to change passwords. Consider the ability to remotely wipe the device through the employee’s account as well.
- Determine how company access & permission will be handled on personal devices, including an agreement outlining what will happen when the employee leaves employment or changes roles.
If your business is considering (or has already adopted) BYOD, it's important to ensure you don't forget the security implications - and we can help. Whether it's a network assessment, security audit, or policy and device management as part of our KeeranONE full-stack managed services, our IT experts can ensure your business and employees can safely enjoy the benefits of a BYOD workplace.