Bring Your Own Device Security Best Practices
Sometime ago I was given a Blackberry from the company I was working for. Instead of worrying about one smart device, I now had to worry about two. I had to learn a new OS and was constantly switching between both devices.
While not the most stressful part of my job, juggling two devices definitely had a few drawbacks. A year later, the company implemented a BYOD (Bring Your Own Device) policy. This saved them quite a bit of money while allowing me to use my own device.
While I enjoyed the convenience of using the same device for personal and business matters, the company had to worry about how to secure their data on employee’s devices. So, how do companies best approach their security concerns with a BYOD policy?
The key to any successful BYOD policy is the idea that responsibility to secure confidential data falls on both the employer and employee. While both parties can benefit from a BYOD policy, no one benefits from compromised data.
With the philosophy of shared responsibility in mind, crafting an effective BYOD policy is fairly simple. Writing out a simple and clear policy helps each party understand their responsibilities while clarifying expectations.
In Case of Loss or Theft
The first thing an employee should do if they notice that their device is missing or stolen is to contact their IT department. They’ll be able to help decide the best solution going forward.
Some companies may ask for a device containing sensitive information to be completely or partially wiped (contents of phone deleted) under a BYOD policy. While some employees may not like the idea of having their personal data deleted, others may be relieved knowing that their data is out of unknown hands. If your policy allows for remote data wipes, it’s a good idea to discuss this with this with everyone beforehand.
Stopping loss or theft before it happens is the ideal way to protect data. Training employees on how to keep their data safe should be a priority with every company.
Some companies may blacklist, or restrict certain apps on an employee’s device. While this isn’t a common practice, it is an option. Like with having the ability to remotely wipe data, it’s important to discuss this with anyone thinking about opting into a BYOD policy. Losing Angry Birds or Pandora may be a bridge too far for some.
Does the convenience and savings outweigh the potential security pitfalls of a BYOD policy? Most likely they do if the proper security measures are taken. However, every company and situation is different and while some may benefit from a BYOD policy, others may find it too restrictive or unsecure. Talk with your Technology Provider before implementing a BYOD policy.