BYOD: it might as well stand for “Build Your Own Disaster” or maybe “Bawl, Yell, Or Drink.” However, many if not most companies find that the advantages of having a “bring your own device” policy outweigh the disadvantages, regardless of the headaches that can ensue for the IT department.
Your IT team is well aware of the security, data, and network bottleneck risks that are in play when people are allowed to bring their personal mobile devices to work and use them for company business.
Geography and the sheer range of available platforms make BYOD complicated, to say the least. But it doesn’t have to be bad if you go about implementing BYOD in a considered, logical manner. Here are the steps that can successfully lead your organization to the BYOD promised land.
Unrelenting stress can lead to headaches, high blood pressure, and poor choices in hairstyling and accessories.
1. Evaluate and Strengthen Network Security
Before BYOD is implemented, you need to know every piece of hardware on your network. That way if new devices pop up, you’ll have a better idea of how to isolate and deal with them. For BYOD to work securely, your network should be locked down with hardware-based firewalls. Ensure all security patches are applied to your servers, and make sure all domain administrator passwords are up to scratch. Many organizations choose to enforce continuous encryption so that all stored data remains encrypted when not in use.
2. Shore Up Your Password Policy
It’s time to get serious about password policy. Think about it: your users are going to be using devices on your company network – devices that may be taken anywhere. Weak passwords are a huge vulnerability because they could end up giving network access to exactly the wrong people. You need to impose a strong password policy for everyone and require that passwords be changed on a regular basis. Sure, people will complain, but that’s too bad. Explain why a stout password policy is necessary and enforce it consistently.
3. Make Everyone Attend BYOD School
Serve cookies and milk at 3 p.m. They’ll love it.
BYOD can represent a major, positive change for end-users, but they must understand the risks involved. End-users should be instructed on the importance of keeping anti-malware software up to date and how to do so. They also need to know not to use their devices on unsecured networks. It’s much better to invest the effort up front in educating people than having to deal with consequences later. Make sure every end-user understands the risks of a confidential information breach due to lax BYOD practices.
4. Define and Limit Supported Platforms
Contrary to what some believe, BYOD is not synonymous with “anything goes.” Decide up front which platforms your organization will support and provide end-users with a list. Require that every device brought in be registered with information including device type, MAC address, and user. You need this so you can track down network abusers or block offenders from the network. Every acceptable device should meet basic security requirements, and depending on your end-users, you may need to physically inspect every device to make sure it hasn’t been jail-broken or rooted (which could make it easier to circumvent security).
5. Define Application Requirements
Only applications that maximize productivity and that allow for solid BYOD management should be allowed. Your IT team should define the types and titles of applications that you will allow to be used on your company network, or you risk proliferation of everything from games to chat apps to dating site apps chewing up bandwidth. The last thing you need is for your IT service desk to get help tickets asking why someone’s Pandora station isn’t streaming correctly on their phone.
It’s a mobile world today, both personally and professionally, and in a mobile world, the “network perimeter” doesn’t mean the same thing it did in the old days. But organizations of all types are embracing BYOD because of the productivity gains that can result. If your organization is considering allowing BYOD, it is essential that everyone from the executive floor to the summer intern bullpen knows what the risks are, and what the consequences are if they are found to be abusing the BYOD policy. When your IT team has powerful software like Samanage, they have the powerful service desk tools required to keep the IT ecosystem humming along, and the asset management tools needed to ensure that only approved devices are using the network.Steps to Ensure a Successful BYOD Security Strategy Click To Tweet