You are addicted to your smartphone and rely on it for most of your daily tasks. Whether it is sending emails, working on documents, playing games, listening to music, watching movies or staying in touch with your friends and family, you use your smartphone as your daily driver. Ever wanted to take your mobile device with you to work and use it as your workstation? With Bring Your Own Device (BYOD), now you can.
What if you are a business owner? You won’t welcome new devices in your existing network because they pose a security risk. You know mobile devices are a soft target for hackers, who can easily get access to the sensitive data stored on them. On the flip side, you also want to give your employees the freedom to work from the device of their choice, so you cannot buck the BYOD trend.
According to a Statista prediction, every person will own a whopping 6.58 connected devices by 2020. The BYOD trend will skyrocket. As a business, you can find the sweet spot by establishing a BYOD policy. How can I implement a BYOD policy in my organization? Here are seven critical steps your company must take to implement a BYOD policy successfully.
1. Mention Allowed Devices
Go back a decade in time and you will only find BlackBerry being used for work. There were no other devices until iOS and Android burst onto the scene. Today, you will find devices of all shapes and sizes in the workplace. You should decide which devices you are going to allow and which ones to ban. Tell all employees about the permitted and non-permitted devices, especially those who are interested in bringing their own devices to work.
2. Create a Strict Security Policy for Devices
No one would prefer a password or lock screen on their personal devices, especially if they must unlock the device hundreds of times. As a business, you need to implement stringent security policies and make employees follow all the rules to ensure that all the sensitive data on mobile devices stays safe.
The criticality and volume of data stored on mobile devices are much more important than the hassle your employees will face when unlocking their personal devices multiple times. Ask employees to set stronger, longer passwords that use a mixture of alphanumeric characters. Consult with your system administrators and security professionals to reach a consensus on which security policies you should enforce.
3. Clear Service Policy for BYOD Devices
Setting boundaries is another great way to maintain the security and safety of mobile devices. Make employees understand the boundaries you have set for their personal devices in the service policy. To create a successful service policy, you need to consider what kind of support your IT department will offer. Will you provide support for applications installed on employee devices? What level of support will employees get when they connect to your network? Answering all these questions will assist you in creating a clear service policy.
4. Clarify Who Owns Apps and Data
It is important to know who owns the apps and data stored on employee mobile devices. In most cases, companies that let employees bring their own devices will get access to their data and store it on their servers. This comes in handy when employee devices get lost or stolen. Your BYOD policy must make it clear who has the right to wipe data if a device is lost or stolen. Educate and guide employees on how they can keep their data backed up and restore it in case of any issue.
5. App Permissions and Access
You can control not only devices but also which apps you allow and ban. You can prevent users from downloading, installing and using apps that pose a security and legal risk and have access to your corporate resources. This saves you from malicious apps and from security vulnerabilities found in the latest mobile apps. You don’t want a malicious app to be installed on a BYOD device connected to your organization's network, because it can give hackers access to your network and let them wreak havoc on your digital assets.
For instance, the latest Twitter app has a security loophole in its integration with the mail app on Android. This will give hackers an opportunity to relay email through your company. What if an insecure instant messaging provider gives hackers access to the contact details of all your employees along with other sensitive information? These scenarios can occur if you don’t have strict app permissions and controls in place, especially for BYOD devices.
6. Integrate BYOD Plan with Acceptable Use Policy
If your company treats corporate-issued phones like the other devices on your network, such as laptops and desktops, you are moving in the right direction. Make sure you prevent employees from connecting to a VPN, as it might raise suspicion about the activities performed through your network. Keep everything transparent by organizing discussion sessions on the acceptable use policy so that all employees know what falls inside and outside it. Make sure to have monitoring tools in place to keep an eye on such behavior.
7. Have an Employee Exit Strategy Ready
Most companies have never thought about what will happen when employees with devices leave the company. That is why they fail to remove all the data, tokens, email access and proprietary apps from those devices. Some companies ask their employees to return their devices, or disable their email and turn off synchronization access before the exit interview, but that is not enough to ensure a safe exit. Security-conscious companies will wipe data from BYOD devices and let users back up their personal data and apps before they leave. Helping employees get things in order before they quit will save you a lot of hassle later.
What steps have you taken to implement a successful BYOD policy? Feel free to share your experiences with us in the comments section below.