However, a BYOD program is not without its downsides. Unsecured devices, jailbroken smartphones, theft, viruses, malware, and a lack of control put intellectual property, customer information, and corporate data at risk. The answer to this challenge is to develop, manage, and enforce robust BYOD policy rules to secure your corporate environment. If personnel want to use their own devices, they must adhere to some general guidelines for doing so inside an enterprise. The following 10 measures, in no particular order, offer a starting point for BYOD policy making and for enforcing multi-dimensional enterprise-wide security. It is common practice to require all devices to be password protected, but just having a single password for access is not enough. Though it might be inconvenient, the more password protection your BYOD devices have, the safer your corporate data will be. Hence, require employees to set up different passwords for applications, files, folders, and the device itself. At the same time, ensures that users do not have passwords stored on the device unless they are protected by an app that requires an encrypted password to grant access. Bi-annual authentication ensures that users are genuine. Ongoing access without re-authentication can be a threat to any organization as devices might be compromised or stolen during authenticated use. When that happens, adversaries can engage in shadow IT (refers to activities that are not approved by the organization’s central IT team) which usually results in sensitive data being leaked. To prevent compromise, you can enforce re-authentication after a certain period. Device manufacturers place controls to limit access to the underlying system. Rooting and jailbreaking bypasses these restrictions, so users have full control over the system, like the root on Linux, or the administrator account on Windows. This gives them the ability to access data and files that were inaccessible previously and to install applications from sources other than the official app stores. Therefore, rooted and jailbroken devices pose a very significant risk and should be removed from the “list of allowed devices” altogether. Grant remote access whenever possible using an encrypted and secure connection. Requiring employees to use a VPN is necessary to permit secured connections between your corporate network and BYOD devices. A VPN ensures that you have a gatekeeper to verify that all the data being transmitted from the device is being transferred to the appropriate server and is encrypted. Anyone attempting to spoof data while the device is connected to a VPN will see strings of random text. If you want high-level security for applications or documents, prevent users from accessing them offline. Also, do not allow data or documents to be cached or downloaded on local devices through LAN access or internet filtering software. Only grant access to such information when users are connected to the enterprise network. Communicate this in advance to avoid last minute surprises at the user’s end. Just as you secure your devices, you must ensure your network security is top notch. Doing so requires more than just activating Windows Firewall – you need to deploy a dedicated device such as Cisco to manage network security. During deployment, you must make sure any external device is locked out of your network. With all those smartphones, tablets and laptops coming, it is important to have robust network security in place. Operating systems for BYOD devices are designed to achieve superior security and user experience. However, security requirements and user preferences evolve on an ongoing basis. Vendors are therefore compelled to address latest vulnerabilities and incorporate user feedback to advance software development in the direction of these preferences. Improvements become available in the form of operating systems updates, so it is crucial to have employees regularly update their device software for improved BYOD program security. Undeniably, some employees will leave your organization at some point. Revoking their access to business email, data on the network, and other applications can be tricky. Maintain an exit checklist from the beginning to avoid this security lapse. On this list, you can lay out the steps the IT department should take to shut down their access. Some of the most common measures include wiping company-issued smartphones, disabling business emails, and changing passwords to any company accounts ex-employees used. MDM – Mobile Device Management – simply refers to types of software organizations can purchase and use for enhancing the security of their BYOD program. It can do things like remotely wipe all the corporate information from any device and locate stolen mobile devices. MDM also does a decent job at data segregation (the policy or principle by which storage and access of given datasets are segmented), so it ensures users can differentiate between work and personal activities. You drill codes of conduct with new recruits; the security of your BYOD program is just as important. Integrating employee education from the start of your BYOD implementation and keeping personnel updated on security best practices is an effort that will pay off long-term. Take staff members through your security plan during BYOD onboarding, and share practical takeaways in monthly meetings. Over time, you’ll see more employees leveraging best practices, as well as overall improvement in compliance. What measures has your company taken to make its BYOD program more secure? Share your answers in the comments section below.
