In some ways, convenience makes things more complicated. Take, for example, one of the latest IT fads that is sweeping many SMBs: Bring Your Own Device (BYOD). But what does that mean, exactly? Even more importantly: how do you protect your company when you have the option?
Companies that allow their employees to bring their own devices to work are on the rise. Many will allow their employees to access company IT resources from their phone, their laptop--even their tablet.
Needless to say, with that level of open access to an IT environment from non-standardized hardware, the potential for security threats is enhanced. There is also the potential for unauthorized access to sensitive information if employees lose their devices (unfortunately, not an uncommon occurrence with mobile devices) that store sensitive, company-related data.
However, if your company wants to adopt a BYOD policy, you should know that all is not lost. There are precautions that you can take to improve your level of security.
Ask anyone who says they don't have BYODs to review their logs—I guarantee they'll find Mobile Safari.
Dave Martin, CSO, EMC Corp.
Although the basic concept behind BYOD is all about providing more flexibility to employees, the policy shouldn’t be allowed at the expense of all business control.
Ask employees to notify management if they wish to use their devices. All devices used should be “registered,” in some way, with IT management. The simple fact of the matter is that company management needs to know who is using a personal device to access IT resources.
Ensure that employees who use their own devices are following best practices. There are basic security best practices that everyone should follow. For example, employees should ensure that their device is password protected. Beyond that, the device should be locked automatically once it’s been idle for just a few minutes.
Have a BYOD policy in place. Make sure that there are clearly defined policies in place regarding BYOD for your company. It’s best to ask the employees to sign a document indicating that they have read and agree to the policy.
Have a mobility management solution in place. If your organization is leaning towards BYOD, having a mobility management solution in place is one of the smartest things that you can do. A mobility management solution provides a bird’s-eye view of the mobile devices that have access to your network. Also, as the name implies, mobility management solutions also enable you to manage mobile devices remotely. You can wipe the data from a device if it’s lost or stolen. You can also encrypt data remotely.
The types of best-practice policies we've listed above will help mitigate risk against information exposure to unauthorized individuals, but it's not all you have to do in order to keep data safe.
The most obvious of all of the risks is the mixture of corporate and personal data on the device. One of the biggest threats to mobile devices is when malware is unkowingly installed by the user. Perhaps they'd downloaded an infected mobile app, or maybe accidentally clicked a link they weren't intending on clicking. This means that the malware could find its way onto the company's network.
How to prevent this: Consider implementing a type of Enterprise Mobility Management (EMM) software so that you can monitor and then detect risks before they become problematic.
Not only is it common for mobile phones and tablets to be stolen, they are also the weakest link when it comes to security. They require regular software and patch updates, with the responsibility for these updates being solely the employee's.
How to prevent this: As mentioned above, consider requiring a strong password for all devices and a way to report if the device is lost or stolen. Create a clear and concise Acceptable Use policy that clearly defines boundaries and consequences of if they're violated.
It can be difficult to troubleshoot and protect all of the different devices available to your employees due to the wide range available to them. Some of your employees may have an Android phone, and others may have a MacBook. Not only can different types of hardware be an issue, so can software and operating systems.
How to prevent this: Consider only allowing access for more recent or up-to-date devices. For example, only allowing access from an iPhone 3GS and above, or Windows 7 and above.
Does your business need help moving forward into the future? V-Soft Consulting’s Business Solutions team is ready to help you with all of your mobile app development needs. You can get a free, no-strings-attached consultation to see if we fit your needs. Simply contact us for more information. We’ll be glad to help.