5 Tips for Establishing a Secure BYOD Policy
‘Normal office hours’ are becoming a thing of the past. Your team is accessible almost anytime and anywhere, and your clients are reaping the benefit. The use of mobile devices, especially smartphones, in the workplace has skyrocketed. Businesses are reporting improved collaboration of dispersed teams, increased productivity overall, and reduced costs to the business by allowing mobile devices to be used for business. This is a promising trend, but one that has risks if proper security and use policies are not in effect. Here are 5 tips to establish effective BYOD policies:
1. Specify Approved Devices.
People use lots of devices every day: smartphones, tablets, iPhones, Androids, and everything in between. Are all of them going to be fair game in the workplace? If your initial answer is yes, is your IT staff prepared to provide support for all of those? You need to make it perfectly clear which devices are approved for work use.
2. Clarify Services Available to Approved BYO Devices.
Now that their smartphones are work phones, what services will you offer when things go wrong? If their kid installs an app that affects the phone’s performance or security, will your team fix it? Where do you draw the line? If they break their phone, are you going to replace it or give them a loaner while it is repaired? All of these terms need to be laid out clearly so they understand the risks involved in using a personal device for work purposes.
3. Establish a Guide to Which Apps are Allowed and Which Aren’t
Again, it gets more complex. People download apps and grant permission to those apps without fully appreciating the security risks they are assuming. That’s all fine and well when it’s their own data they put at risk. But, now we’re talking about granting access to your sensitive and proprietary information. Your IT team needs to review the most used apps and decide which pose unacceptable network security risks. This applies to any device, personal or business, that accesses your network. Also establish a policy that requires your staff to get new apps approved prior to downloading.
4. Write a Clear and Concise BYOD Security Policy.
People are careless with their personal phones. They sign on to free Wi-Fi anywhere they go to avoid data charges. This poses a tremendous risk to your data. While it’s hard to think there is someone just waiting in the coffee shop for quality, steal-worthy data to become available, it’s the mindset your staff must take.
Passwords are another major concern. Time reported that the average American checked their phone 46 times a day; who wants to enter a password 46 times in one day? No one. But requiring a password has to be one of the most fundamental requirements of any BYOD security policy. Not just any password either. You must require a strong, alphanumeric password with special characters.
Also consider a “Right to Wipe” policy, adopting some form of mobile device management. If data becomes vulnerable and drilling down through all the apps to find the source is too costly, then your IT staff needs to have the ability to wipe the phone completely. This is not going to be a popular addition. However, BYOD is almost never a requirement. It is an opt-in choice your staff makes and this is a risk they must be willing to take for the convenience. If possible, you can amend your policy with options to help them back up their personal data to the cloud.
5. Don’t Write Your Policy in a Vacuum.
A BYOD Policy needs to be as in-depth and thorough as your Disaster Recovery Plan. It takes more than one person to craft it. You need input from all levels and all departments to find one that fits your company’s needs. And you need to update it over time as apps and technology change.
There are many things to consider when laying out your BYOD Policies; the most important being your Network Security. If you want to learn more about how to strengthen your Network Security in the face of a mobile work force, contact the experts at Corporate Technologies Group. And download our Network Security Checklist.