In a BYOD work environment, end-users access their network profiles and other secure data using their own devices. These devices range from phones to tablets to laptops, and by instituting BYOD, you enable greater flexibility, but you also have to have a policy that will minimize the risk of security problems. If your BYOD policy is too strict, employees might not bother, and you may risk lower productivity as a result. But if your BYOD policy is too lax, you could open the door to the kind of disaster that makes even the most hardened IT professional quake.
Here are some tips for preventing BYOD disasters.
Do you want to be responsible for this?
“Vaccinate” Your BYOD Ecosystem Against Viruses
One of the greatest risks of an unchecked BYOD policy is the potential for network penetration by viruses. Even with a secure professional network, BYOD means you’re giving network access to devices that are originally for personal use. When they’re not at work, your end-users will continue to click links and open email attachments that can infect their devices, and should they open a portal into your organization’s network with compromised devices, viruses can infect it too.
The result can be hundreds of man-hours spent detecting repairing, and removing damage caused by viruses; man-hours that could be used on other projects. It’s essential that your organization develop standard rules on network control on the level of both the device and the secure access provided to the end-user. Network access rules also mean your network won’t run out of IP addresses or have rogue devices acting as DHCP servers that provide IP addresses in conflict with your network. Your best bet, in short, is to begin your BYOD era with tighter regulations, with possible controlled relaxation of the regulations as circumstances permit.
Dealing with Stolen Devices
Another security problem inherent with a BYOD environment is when devices with permissions to access the network are lost or stolen. Of course the end-user understands how it’s a problem for him, but he may not realize how big a problem it can be for your organization’s network. A user could, for example, lose her phone while she’s on vacation, then replace it without remembering that the lost device was synced to access data and cloud-hosted work apps. End-users must be educated on what to do should one of their personal devices used at work be lost or stolen. Fortunately, there is software available that can delete synced BYOD data and device access, and every end-user must be aware of the importance of this process when a device goes missing.
The wearing of ski attire in a non-skiing environment shows that this dude has no problem with wrecking your network.
BYOD and Easy Cloud Access
Many BYOD end-users may not be aware of just how their devices are geared to be easily accessed via the cloud. This access can pose a security threat to the entire network. The iPad is a prime example of this phenomena. Suppose you open an email on your iPad. In one click, you can make it so it can be read by anyone with access to the device whether in person or through the cloud. Yikes!
Don’t Forget Copyrighted or Illegal Data
Technical concerns aren’t the only ones you need to think about before you implement a BYOD policy. Intellectual property is another important concern. Can copyrighted or illegal data be moved inside the BYOD ecosystem? If so, you could be in for legal problems on top of technical ones. You’ll also need to think about your employees who telecommute. While BYOD is great in allowing people to work from home, you need to address questions about things like whether the network has the right to enable GPS software in a BYO’d device. Should the network be able to know where the end-user is when they are accessing the network? Questions like these left unresolved can be an HR and employee morale nightmare.
Merging the business and the personal through BYOD requires strict rules so the network can function safely on the technical level, the security level, and the legal level. Your BYOD policy should also consider potential problems with employee privacy (like the GPS example mentioned above). It’s not easy, but when done correctly and with due oversight, your BYOD policy can increase productivity and have a positive effect on employee morale.
Samanage makes leading edge IT asset management software that can make a key difference in the success of your BYOD program. By knowing what software is installed where at any given moment, you lower the risk of security lapses, or violations of software license agreements. Furthermore, Samanage offers the IT service desk capabilities that can enable your service desk workers to efficiently take care of the additional responsibilities they take on when your company institutes a BYOD policy.
Photo Credits: Phaitoon / freedigitalphotos.net, chanpipat / freedigitalphotos.net