Security steps which need to be taken when allowing BYOD

Bring Your Own Device (BYOD) is the policy of allowing employees of a company access company information and work on company projects from their own device- such as a smartphone, tablet, laptop, etc. This provides the IT department with the challenging task of implementing support for an employee’s device while securely protecting valuable company data. 

With the continued rise of BYOD, many companies feel that they must support it. When a CEO or other chief ranking officer of a company wants to use their own device for company business, the IT department will have to make it happen. The demand for BYOD is huge among regular employees as well, and more and more, companies are giving in and accepting BYOD. When a security problem arises, it’s usually because the IT department doesn’t know how to, or just doesn’t, implement the necessary security measures. 

It should be obvious by now that BYOD is not just some temporary fad, it is here to stay. But a number of companies still do not allow BYOD, citing security concerns. Protection of sensitive company information is a main concern of most companies. However, with the right set of security measures in place, BYOD can be a great asset to a company that’s looking to progress forward. The BYOD policy allows employees to feel more comfortable as they are allowed to use devices they are completely familiar with, which promotes a stronger work ethic and higher quality work to be completed. But with such a variety of the types of devices allowed, as well as third party applications, and remote access, the possibility of a security leak can quickly become reality. 

One problem is that mobile devices such as smartphones and tablets are usually not setup with strict authentication or encryption, unlike a company laptop, which would usually be implemented with high security measures in case it was to become lost or stolen. 

We have thought about the BYOD security concerns and are going to share with you the 5 best security tips for IT departments that are currently in the process of adding support for BYOD or plan to do so in the future. 

Policies

New policies must be clearly written so that they are understood by employees that will be using their own devices. New terms and conditions should be written and signed by employees or they should not be allowed to participate in BYOD. 

Proper Training

Besides the new policies, employees should also be properly trained on the new measures that are taking place, especially security measures such as strict authentication and lock codes. Also, they should understand the correct uses of mobile applications and how to spot any possible leaks or security flaws. 

Clear Expectations

Make the expectations clear to all employees. This is going to be a huge change for many people including the employees who will be using their own devices. While this is essentially making their job easier and more comfortable, it also brings more responsibility and they must understand the consequences of security breaches and they must take the added security measures seriously. 

Encryption of Data at Rest

This is one of the most important measures that needs to be implemented. Encryption can be the difference between a security leak and impenetrable data protection. There are many third-party synchronization applications that sync data between various cloud applications (such as Evernote, Google Drive, Dropbox, etc.) and mobile devices. This creates the possibility of a confidential data leak but it can easily be prevented by use of encryption. Many companies have opted to simply block the applications but this is only reducing their effectiveness. The best measure is to use encryption to secure any files or documents containing sensitive company data. 

Encryption of Data in Transfer

All data that is transmitted between company computers and employees’ devices has the possibility of being compromised. All applications that the employees use on their devices should have secure access, such as SSL, to prevent the possibility of stolen data.


Related Post