The widespread availability of mobile devices, along with faster internet and cloud computing has allowed employees to work from anywhere, especially with their own mobile devices (Bring your own device – BYOD). Faster or rather immediate communication has great benefits for business. Faster response, faster turnaround, faster service is a much-desired factor in business. The enterprise/organization that provides faster response wins. There are innumerable types of mobile devices and employees have their own preferences of devices. Many organizations have embraced BYOD Policy and have reported significant benefits from allowing BYOD.
The direct benefit has been a significant boost in productivity. The mobile devices being used seem to have moved over to smart phones and tablets from laptops, due to the convenience in handling them. Employees are also able to use the same device for professional and personal work. However, using the same device for both purposes carries great risk.
The Requirements of a BYOD Policy
1. The rules of the policy
Enterprises – of whatever size they maybe – must immediately implement a strong and effective BYOD policy. A document must be prepared that thoroughly specifies the rules. It must spell out the devices and applications that are allowed and what they are allowed to be used for. Basic rules must be specified and built upon as requirements arise.
2. Employee Education and Awareness
All employees must be thoroughly educated on cyber security. An endpoint is the weakest link in an enterprise network and this is the point that hackers and cyber criminals focus their energies. Employees must be made aware of the implications of insecure passwords, phishing attempts, opening malicious mails and attachments, etc.., It is better to restrict other applications on the device. But this does not go down well with employees.
3. Network Security
A secure network is very important as employees will be accessing the enterprise network and servers through their mobile devices. Roles must be defined which would allow employees access only to the areas in the network that they must have access to for their professional needs. Unnecessary access to other areas must be blocked/not allowed. An insecure network is like an open book which would allow access to all endpoints (devices) connected to the network and could also allow access to the enterprise servers.
4. Endpoint Security
The IT security administrator must ensure that an effective endpoint security – antivirus – is installed and regularly updated on each and every device. BYOD will be beneficial only if the devices are completely secure, and implementing a Mobile Device Management policy would be very fruitful. This would make it easier for the IT security administrator.
5. Device costs
Allowing BYOD would help the enterprise save on device cost, which could be significant for a large enterprise. Some employees may expect the enterprise to bear a part of the cost, and it is a decision that the enterprise must decide on.
Embracing BYOD will be beneficial only with a well implemented BYOD policy.