To the Cloud and Beyond: The Five Most Important Aspects of a BYOD Security Plan

by Guest Author on October 1, 2012

You know it’s happening: employees are using their own personal mobile devices for work, accessing sensitive data and possibly compromising your network – and your business. In fact, according to some studies, more than half of employees use their own devices for work regardless of their employer’s policies regarding such usage.

In response, many companies have moved to a formal bring-your-own-device (BYOD) program. With this move, stricter policies and protocols are governing the use of personal devices such as smartphones, tablets and laptops. The primary concern of these organizations is the security of their networks and data. Many have begun to adopt mobile device management (MDM) programs to manage their employees’ devices and keep their systems safe.

Companies that are new to the BYOD environment, though, may not know where to focus their efforts when it comes to MDM. When developing a policy for using personal devices, companies should focus their efforts in the following areas:

What Can Be Accessed via Mobile Devices

The first aspect of any BYOD security plan is determining what information can be accessed via mobile devices. In some cases, such as in the healthcare field, the company is legally required to protect sensitive data and the consequences of failing to do so are devastating. Organizations need to determine what can be accessed away from the network by mobile devices and what security protocols will be put into place to secure the data that is accessible. For example, companies can require that mobile devices use only encrypted data networks, or institute multiple layers of authentication for access to company systems and databases.

Application Control

One of the major selling points of Android-powered and Apple devices is the thousands of applications that allow users to do everything from managing expenses to checking spelling. Apps sold through established stores such as iTunes are generally legitimate because they have been checked for malware by the shop. For every “clean” app, however, there is another that contains malware, and this can potentially create security breaches. Your BYOD security policy must include an application management feature to prevent malicious software from attacking your network. Choose an MDM program that automatically checks apps for malware.

How Much Support to Provide

With the potential for nearly every employee to be using a different device, the potential for support headaches is great in a BYOD environment. Your security policy needs to outline the standards for device replacement and upgrades, and how much support IT will provide when things go wrong – and what will happen when the problem appears terminal.

The Next Security Requirements

Decommissioning Devices. When a device is lost or stolen, or the employee leaves the company, how will you handle the sensitive data on the device? Ideally, according to security software company Trend Micro, any technology management must allow for phones to be locked or wiped when no longer in use, preventing unauthorized access to data and systems. Be sure that your security policy clearly outlines the protocol for decommissioning a device and that all employees are aware of the policy.

Protection from Potential Legal Issues. Finally, a security policy needs to address issues that aren’t related to the device itself, but cover the use of the device and potential legal implications that may arise from using devices. For example, will employees be compensated for checking email outside of office hours? And how will you handle cases of using devices while driving? These issues may not compromise your data, per se, but they could have a devastating effect on the company’s bottom line and should be addressed.

Perhaps the most important aspect of any mobile management policy is that it’s presented in writing – and all employees understand their responsibilities and the implications of the policy. The policy should be a living document, constantly updated to reflect changes in the mobile environment. By taking the time to develop such a policy, you increase the chances that your company will stay safe and secure, and avoid the financial consequences of a serious data breach.

Guest article written by: Joanna Reed is an internet security consultant. She worked for government systems up until recently; in her own experience, she uses systems such as Trend Micro Technology Management.

Comments

Caressa October 4, 2012 at 04:28

I am amazed that a number of very large companies are so lax with their technology use. Many middle managers are still totally clueless when it comes to the basics of wireless devices. Large corporations can move slowly when implementing security measures down the ranks. This slow movement can have disastrous effects.

Mary Warsaw October 8, 2012 at 15:54

“Finally, a security policy needs to address issues that aren’t related to the device itself, but cover the use of the device and potential legal implications that may arise from using devices. ”
This is the best passage from the article.
Thank you for your hints. It helped me a lot and improved my mood 🙂 I will certainly use your advice.

Claud December 20, 2012 at 18:02

This is a very helpful post and it answers so many questions that were pooling up in my head. I have decided to move forward with BYOD implementation in my own office.
