Over the past few years, the adoption of Bring Your Own Device (BYOD) has become a widespread practice in many businesses across the globe. It is a practice which allows staff to use their own personal devices for work purposes, either within the office or when working remotely from home.
BYOD certainly offers many business benefits, such as greater flexibility and employee productivity, increased cost savings, and the ability to attract a tech-savvy younger workforce. However, concerns arise with regard to the security implications of adopting company-wide BYOD policies.
UK-based data security experts, Northdoor, discuss four key ways for business to overcome these challenges and safely implement BYOD.
Comprehensive policy creation
In the vast majority of businesses, there are likely to be several members of staff who share files, distribute data and handle sensitive customer, client or company information. As such, a strict policy which governs the use of BYOD is essential. This should ideally be created before implementation, covering all aspects, including what constitutes appropriate device usage and how to follow strict password guidelines.
The policy should also make it clear that all employees wishing to participate in BYOD must keep their mobile devices up-to-date and properly installed with approved anti-virus applications. Moreover, only devices that have been authorised should be able to access the company network – all others must be denied access.
The policy needs to be easy to comprehend and readily accessible to all employees, both existing and new. The most straightforward way to achieve thorough understanding is to schedule in employee training sessions which outline what BYOD is, the risks involved, and how staff should take care to prevent such risks.
It is also worth noting that the recent commencement of the General Data Protection Regulations (GDPR) means all BYOD policies must now comply with legislation relating to data protection.
Access and usage restrictions
Restrictions should be put in place to govern who may access company data. This can be done by granting certain access levels to people, based on their specific job title, roles and responsibilities.
Likewise, a list of authorised personal devices that are linked to the organisation’s network must always be kept up-to-date and well-maintained, so that if a breach were to occur, the source of it can easily be found, and those responsible can be immediately locked out.
For security purposes, authorised devices must only be connected via one, secure, cloud-based service. Furthermore, companies can make use of encryption and a Virtual Private Network (VPN) to make BYOD implementation as straightforward and secure as possible.
IT departments can also create other restriction guidelines determining that only certain mobile apps can be used on BYOD devices within the workplace, as well as setting maximum file sizes for e-mail attachments.
Strict password regulation
We are likely all aware of how important it is to keep passwords as secure as possible, and this must apply to BYOD devices too. Your company-wide policy should state that passwords must meet certain requirements, such as being 10 characters long and consisting of a combination of letters, symbols and numbers.
Likewise, a two-factor authentication process, which requires a backup phone number, e-mail or fingerprint ID, should exist for those attempting to access the company network. This can be easily set up by your IT department (or a third party provider).
Whilst these extensively protective measures may not be entirely favourable amongst members of staff, they are undoubtedly worthwhile for the overall security of company data.
The BYOD policy must also outline the steps that are to take place once an employee has left the company. This should detail how sensitive company information can be retrieved from their personal devices in a lawful way before they exit.
A recent report noted that this step is often overlooked, with only 1 in 3 employers implementing a solid BYOD exit strategy, which involves removing sensitive company data using remote wipes of employee’s personal devices.
BYOD for business
A huge number of UK companies from all sectors and of varying sizes have successfully managed to create a sustainable modern BYOD policy. However, company-wide adoption may only remain effective if a stringent, well thought out policy is put in place, governing its proper use. Additionally, all staff members using it must be fully aware of their personal responsibilities and the potential security threats which could occur in the event of its improper use.