What do Businesses Need to Know About Planning a BYOD Strategy?
So you’ve decided to embrace BYOD in your organisation, but what does this mean? BYOD stands for ‘Bring Your Own Device’ and it refers to the practice of employees bringing their own mobile devices into the workplace for the purposes of connecting to your network, engaging with your enterprise applications and customer data to get their jobs done.
Sure, BYOD is a great thing for productivity (and you can read more about the pros and cons of BYOD here) – it allows your people to get more done on a device they’re familiar with, but it’s also risky. Each new device brought into your network environment is a potential vulnerability that must be safeguarded to prevent that device being used as an entry-point for unauthorized access.
In order for BYOD to effectively balance cyber security requirements with your employees’ need to be productive, it is necessary to have a policy in place that clearly details the organisation’s approach to BYOD. That’s right. For everyone’s benefit, you need a BYOD policy in place.
How do you plan a BYOD policy for better security?
Establishing security for external devices starts with BYOD policy creation, which means that it will be necessary to identify the objectives of BYOD within your organisation. This policy will need to set out the goals of the BYOD program, identify which employees can bring their own devices, define which devices will be supported, and determine the access levels that employees are granted when using personal devices. And that’s just the beginning.
Your BYOD policy will also have to evaluate:
- Who will pay for the devices and data spend required?
- Which regulations (legislative, industry, or otherwise) must be adhered to when using external devices?
- What measures (configuration, software installation and the like) will be taken for securing devices before they can be used with company systems?
- Where will data from BYOD devices be stored? (locally, in the cloud – these are major concerns, given PoPI’s requirements that personal information be locally stored and hosted)
- Will there need to be a contract that employees sign that enables them to bring their own devices, if they so choose?
- What happens in the case of an employee violating the terms of your BYOD policy?
- What privacy will be granted to employees using their own devices for work purposes?
- What support (software updates, troubleshooting, maintenance) will your organisation provide for users that bring their own devices?
- What cyber security safeguards do you need to put in place if a device is compromised?
- What methods will be used to secure devices before they are retired, sold, or disposed of?
- What happens to applications, data and systems’ access once that employee leaves your company?
Addressing BYOD effectively needs to be a collective effort
Once a policy has been put in place, maintaining BYOD security depends on your company’s ability to educate its employees on BYOD best practices. You’ll need to implement effective device management and support, and be ready to enforce your BYOD policies. Employees that are not trained on BYOD security will only increase BYOD risks for your company – which makes it important to ensure that the creation of a BYOD program is a collaborative effort between your employees, IT and security teams, and management. BYOD needs to work for everyone – not just create headaches for everyone.