Your IT department may have tried to resist BYOD, primarily due to security concerns. But the fact is, employees are using their own devices (mostly mobile) to access your systems, check their email, and work with your data. The question isn’t, “How can we prevent BYOD?” but instead, “What are we going to do about it?” Here are the steps your IT help desk needs to take to assure accountability and security in a BYOD environment.
Drafting and Enacting a Functional BYOD Policy
The first step is to decide on what your BYOD policy should look like. All stakeholders need to have a say in this, including upper management, IT, legal, security, and even users. You’ll need to know what devices your users are choosing, so that you can offer compatibility solutions and support. Here are some issues to consider when drafting your BYOD policy:
- Will the company be responsible for complete or partial reimbursement for the use, repair, or replacement of an employee’s device or service?
- What devices will be allowed and supported?
- What apps are allowed?
- What apps will the company provide, support, and retain ownership of?
- Who owns non-business related data and content? What about personal photos, private emails, and the employee’s call records to family and friends?
- What should IT do if they discover inappropriate personal content on the device? Should they ignore it or report it?
- Will IT be allowed to search the device and wipe business data if necessary? If so, how?
- What antivirus software will be required? How will IT assure the software is updated regularly? Will the company or employee pay for the protection?
- What happens if an employee’s device is needed for business litigation purposes?
- What exit strategy will you deploy when a worker leaves, gets fired, passes away, etc.?
These policies are only as good as enforcement. There should be clear and consistent repercussions for those who fail to obey the rules.
Employing Rigorous Asset Management
Asset management is always important, but in a BYOD environment it is critical. IT will need a way to monitor devices, users, apps, and activity on the network. A robust asset management solution includes tracking of both hardware and software. This helps curtail Shadow IT, track abnormal behavior that could indicate a threat, and assure that users are adhering to the BYOD policies in place.
Developing Stringent Authentication and Log-In, Log-Out Procedures
Strong user authentication and regulations about public Wi-Fi hotspots and other security issues are also crucial for mobile users. Some companies require two-factor authentication or extremely strong passwords and frequent password changes. You can also set systems to automatically log the user out after a certain period of inactivity, or require re-entry of a password to access particularly sensitive areas of the network. Whichever methods you employ, just make sure that IT, legal, and security are all comfortable with the safeguards in place.
Use Consistent and Thorough Hiring & Training Practices
The success of a BYOD program is directly related to the workers on the system. Discuss with HR ways to assure that users won’t pose a risk of insider threat. Background checks, psychological testing, and rigorous training all help with this. Workers should be aware of how to identify unsafe emails, like attachments or links that open viruses or lead to phishing. They should also be trained to determine what websites are unsafe. This helps you avoid zero-day threats, or threats within your software or systems that are not yet identified.
Strengthen Communications With Remote Workers
Workers who are away from the office most or all of the time can become somewhat disenfranchised. They might not feel like a valuable and important member of the team like the ones who work in the office every day. Managers need to make the effort to include these workers in communications, collaboration, and office social functions. When remote workers feel like a part of the company, they are more likely to take your security measures seriously because they are personally vested in your success.
With the right structures in place, your BYOD policy can lead to a high level of accountability and security so that IT, upper management, security, legal, and other stakeholders can rest at ease.