Many businesses have started to make the switch from company-provided equipment to Bring Your Own Device (BYOD). As an employer, this has many advantages: you don’t have to buy your employees a device to work on and the employee gets to use whatever form factor they’re comfortable with and used to, be it Microsoft or Mac, smartphone, tablet, or laptop.
There are some cyber security concerns you should be aware of before you implement a BYOD policy at your organization. For one, these devices don’t have the same level of protection that you’ve applied to your corporate PCs and mobile devices. You also have no control how these devices are used outside of corporate hours.
Another challenge is personal devices brought to work solely for personal use. Think of all your staff that bring in cell phones and want to connect to the corporate wi-fi. Most companies address this challenge by creating a guest network for BYOD that bypasses the corporate network and goes directly to the internet and only allows employee personal devices to connect to the guest network. This approach is effective in significantly reducing the risk associated with letting your employees use their own devices at work.
So, how do you address this issue? First and foremost, you need to have a BYOD policy that explicitly lays outs the employees’ rights and responsibilities regarding company data on their own devices. Your policy may need to address the employee’s responsibilities in using their own device to access company information. There are also questions about what kind of IT support should be provided for the employee when they use their own device, like system updates and backups. There is a lot to consider when crafting a BYOD policy. At a minimum, your policy should spell out the following:
- Acceptable use: what applications and assets are employees permitted to access from their personal devices?
- Minimum required security controls for devices
- Company-provided components, such as SSL certificates for device authentication
- Company rights for altering the device, such as remote wiping for lost or stolen devices
- Require multifactor authentication to access all company data/email on personal devices
As you can see, there is a lot that needs to be considered when implementing a BYOD policy at your business. If you need advice drafting your workplace BYOD policy, contact QuickProtect today.
