Is your company managing BYOD?
Mobile devices have improved productivity, but they have created new security challenges
BYOD (bring your own device) has created a true anytime/anywhere work environment, and with device prices falling and features growing, it is no wonder that BYOD is becoming so popular. It is estimated that approximately 38 percent of companies have stopped providing computers to their workforce and are becoming entirely BYOD.
As we are making decisions based on productivity, it is also important we still consider security and compliance. Your phone is essentially a computer in your pocket. You know BYOD comes with risks, so you need to consider what the vulnerabilities are, and what you need to have in place to protect your firm. Here are three you must have in place to make BYOD a success:
• Written mobile policy: A policy is an absolute necessity if your program is going to work. It must be clear as to what is acceptable and what is not. It should include things like who can bring their own device and will it be fully or partially paid for. Also, cover what the procedure is for reporting lost or stolen devices and what the consequences are for not complying with the policy.
Additionally, define how to get a device approved, and also what happens when the employee departs as well. There is a lot detail that will need to go into this policy, and your business’ unique needs will define it.
• Mobile device management (MDM) software: Software to manage all of these devices will be absolutely essential in managing this program. There are many companies that can provide MDM software, or the management service, for you. You need to research which solution will work best for your needs. Modern MDM software can minimize most disadvantages/risks that we discussed above. You will be able to monitor all devices across multiple operating systems, push policies, limit apps that are available, remotely wipe devices, set and control security preferences per user and so much more.
One really cool feature to consider is running two environments on one phone or tablet, log in to one side and you are on your personal phone, log in to the other side and you are on your corporate environment. This would be very beneficial if you ever had to wipe the phone. You’d be able to wipe the corporate environment only. If you are staffed with your own IT department you will need to discuss this type of software. If you do not have your own resources you may need to reach out to an expert.
• IT admin training: You may need to look into additional training for your current IT staff, especially if you are implementing new MDM software. You would need to set up a testing account and let your staff play with their own devices prior to launching. Not only will they be tasked with learning a new tool, they may also find it hard to start saying no to co-worker/friend requests, and referring them back to written policy.
If you are already allowing BYOD, you should make sure that at an absolute minimum employees are utilizing the basic security features that are likely built into their device:
• Enforce a strong passcode to access the company’s network. Passwords should be at least eight characters and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode be entered will go a long way in preventing a stolen device from being compromised.
• Require that all mobile devices be encrypted. Encryption is the most effective way to achieve data security. Encryption scrambles data so it can’t be read by unauthorized users. iPhones encrypt data by default when you turn on a passcode. On Android devices, you often have to turn on encryption separately. Depending on which version of Windows your laptop or tablet is running, you can also turn on the built-in encryption.
• Make sure they can remote-wipe their phone. Enable “find my phone” features: Apple’s Find My iPhone and Google’s Android Device Manager help users locate lost phones and allow them to delete data from stolen ones. Additionally, make sure employees have a backup of their personal files so, if someone does have to wipe the device, their data is not lost forever.
• Keep the device’s software up-to-date. Thousands of new threats are created daily, so it’s critical that you’re updating your mobile device’s security settings frequently.
So long as you are managing the risks, there is no reason that your business cannot experience great success with BYOD.
Tim Howard, president and CEO of RMON Networks in Plaistow, can be reached at 603-869-7323.