Allowing employees to use their own devices (Bring Your Own Device, BYOD) for corporate work benefits both employees and companies. However, it involves significant security risks, which call for adequate measures to reduce the impact of threats.
Earlier, in the era of the BlackBerry, device management was quite simple for IT administrators. It was the primary device allowed for business communication, and other devices were not prominently used. Nowadays, there is a plethora of mobile devices running on various operating system platforms: Android, iOS, Windows, etc. Not all employees will prefer the same device when BYOD is allowed. It is then the responsibility of the IT security administrator to ensure the protection of enterprise business data and communication. Providing support for the devices is also a tough task.
The following is a list of measures that enable safe adoption of BYOD:
1. Known, Approved Devices
For small organizations, managing and supporting different types of devices may not be feasible in terms of either cost or technical support. In that case, management must either not allow BYOD or allow only specific devices, which makes management easier for IT security administrators.
2. Mobile Device Management (MDM)
Obtain a mobile device management solution or subscribe to such services offered by Managed Service Providers (MSP). Through an MDM solution, IT admins can specify global, group and user-specific rules for specific groups of employees. Rules could specify which apps are allowed on the device and which other facilities are allowed: camera, additional memory, network to connect to, etc.
Through MDM, IT administrators can manage the apps on the devices, roll out updates for operating systems and applications, and schedule scans for antivirus programs. If a device is stolen or lost, it can be tracked, and if it is irrecoverable, its data can be wiped.
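The layering of global, group and user-specific rules described above can be sketched as follows. This is an added example, not code from the original article or from any MDM product; the rule schema, the rule names and the sample devices are all hypothetical and constructed for illustration.

```python
# Added example: hypothetical rule schema, not a real MDM product's API.
GLOBAL_RULES = {
    "allowed_apps": {"mail", "calendar", "vpn-client"},
    "camera": False,
    "external_storage": False,
    "networks": {"corp-vpn"},
}
GROUP_RULES = {"sales": {"allowed_apps": {"crm"}, "camera": True}}
USER_RULES = {"alice": {"networks": {"guest-wifi"}}}

def effective_policy(user, group):
    """Apply global, then group, then user rules.
    Set-valued rules are widened; on/off rules are overridden."""
    policy = {k: set(v) if isinstance(v, set) else v
              for k, v in GLOBAL_RULES.items()}
    for layer in (GROUP_RULES.get(group, {}), USER_RULES.get(user, {})):
        for key, value in layer.items():
            if isinstance(value, set):
                policy[key] = policy.get(key, set()) | value
            else:
                policy[key] = value
    return policy

def violations(device):
    """Return the rule violations for one device inventory record."""
    policy = effective_policy(device["owner"], device["group"])
    found = [f"app not allowed: {app}"
             for app in sorted(set(device["apps"]) - policy["allowed_apps"])]
    if device["camera_enabled"] and not policy["camera"]:
        found.append("camera must be disabled")
    if device["external_storage"] and not policy["external_storage"]:
        found.append("external storage not allowed")
    if device["network"] not in policy["networks"]:
        found.append(f"network not allowed: {device['network']}")
    return found

# Constructed sample inventory, as an MDM agent might report it.
DEVICES = [
    {"owner": "alice", "group": "sales", "apps": ["mail", "crm", "game"],
     "camera_enabled": True, "external_storage": True, "network": "guest-wifi"},
    {"owner": "bob", "group": "engineering", "apps": ["mail", "vpn-client"],
     "camera_enabled": True, "external_storage": False, "network": "corp-vpn"},
]

if __name__ == "__main__":
    for d in DEVICES:
        print(d["owner"], violations(d) or "compliant")
```

A device with no group or user rules falls back to the global rules alone, which is why the second sample device is flagged for its camera while the first is not.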
3. BYOD Policy
Establish the necessary policies that must be adhered to by employees who are allowed BYOD. The policy may also specify who should be allowed BYOD and who should not. The IT support team, the hours during which support is available, the way to handle stolen or lost devices, the personal activities allowed on the devices, and the right to inspect the devices are some of the important factors that must be specified.
4. Secure Network Management
It would be risky to allow access for all endpoints to all areas of the enterprise network. Access roles can be specified so that VPN networks can be set up for critical requirements. Based on the business model of the enterprise, a dedicated sub-network that does not have any access to the enterprise internal networks can be set up. This would be an advantage for enterprise security.
5. Standard Security Measures
Require device users to follow strong password policies for unlocking and accessing the device. Implement encryption for data stored and transmitted. Educate users on the policies to be followed, as cyber attackers typically target enterprise networks at the endpoints.
Effective use of an MDM solution helps an enterprise enjoy the benefits of BYOD, leading to better employee satisfaction and productivity.