10 tips for creating a Secure BYOD Policy for your Company


As a user-generated movement, Bring Your Own Device (BYOD) is clearly unstoppable. Every study and poll out there shows an inexorable, growing adoption curve with no sign of slowing down.


BYOD sure does offer cost savings to enterprises. However, it also poses important security risks if the right precautions aren’t taken. If you haven’t done so yet, the time has come to regulate this BYOD business in your, er, business.

In fact, in a recent poll, 50 percent of companies said devices needed to be registered for security purposes; however, only 32 percent required the registration needed for the right security software.

In the same survey, 17.7 percent of respondents admitted that they don’t tell their IT departments when they are using their personal devices for work purposes.

With these statistics in mind, it is important to establish a comprehensive BYOD policy so that employee satisfaction is maintained without compromising business data security.


10 Tips for Creating Viable BYOD Policies

If you want to regain control over BYOD security in your organization, you need to have a well-designed policy in place.

1. BYOD POLICIES SHOULD BE LONG TERM

Your BYOD policy should be endpoint independent so you can make allowances for new or emerging devices and platforms.

Additionally, your policy should be built for long term use. If you are constantly revising your BYOD policies, then you will have a hard time enforcing the established guidelines.

To further reduce confusion and security risks, you can establish different BYOD policies for contractors, temporary, part-time, and full-time employees.

2. INVOLVE ALL PARTIES IN THE PROCESS

All interested parties need to be involved in the policy creation process. This means everyone, from senior-level team members to the HR, IT, accounting, and legal departments, should be involved.

Including these team members will help you create a comprehensive policy that meets all your security, functionality, regulatory, legal, and technology requirements. What’s more: any red flags or controversies can be properly addressed before they cause any impact.

3. DON’T FORCE POLICIES, ADJUST

You wouldn’t force a round peg into a square hole, so don’t try to do the same thing with your BYOD policies.

What works for one company might not work for another. The goal is to create a policy that meets the needs of your employees without compromising data security.

By adopting a mentality of continuous improvement, you can create a policy that can be implemented in stages to achieve flexibility, security, and, of course, support from employees.

4. CREATE A LIST OF PERMISSIBLE DEVICES

Some devices are simply not suitable for BYOD. With this in mind, it is far better to draft a list of the exact devices, as well as the security requirements they need to meet, in the earliest stages of your BYOD policy implementation.

Additionally, you should insist that employees take the maximum precautions when selecting passwords, using screen locks, and accessing your business network.

5. EFFECTIVELY COMMUNICATE BYOD POLICIES

These policies only serve a purpose if the people using them understand the requirements, and are aware of the process.

Whether it is holding an informational session, creating a guidebook, or sitting each employee down with your IT department, one thing is certain: if you fail to properly communicate your BYOD policies, then each user could pose a potential threat.

Finally, make sure that your explanation materials are properly tailored to each audience, including your support staff, managers, end users, and various departments. Once again, transparency is KEY.

6. CREATE A POLICY THAT BENEFITS BOTH EMPLOYEE AND BUSINESS

A BYOD policy is only good if it is mutually beneficial to the employees and the business. As such, you will need to define policies that employees will actually use.

For example, depending on how sensitive your business is, you might not need to access your employees’ personal apps or disable the screenshot feature. Instead, you should focus on policies that maintain enterprise data security without infringing on the privacy rights of your employees and their devices.

7. EMBRACE THE FREEDOM OF CHOICE BYOD OFFERS

At its core, BYOD is a consumer-led revolution. Simply put, it is about freedom of choice. By embracing this concept you can create a comprehensive BYOD policy without opening the door to security risks.

In this spirit, be sure to offer employees a few options about what types of apps they can use courtesy of your enterprise app store.

8. MAKE A SEPARATION BETWEEN WORK AND PERSONAL USE

A BYOD policy needs to draw a clear line between employees’ work and personal lives. This means that work apps can never be used for personal matters (and vice versa).

Additionally, you should make sure that there is a clear separation between personal and work lives when it comes to using calendar apps, creating contact lists, and sending emails.

9. DON’T LEAVE DATA LOCALLY ON THE DEVICE

If you want to avoid heightened security risks, then you need to create a BYOD policy that doesn’t leave data on the device.

This means making sure that employees aren’t using apps that store data on their device. You should also have a strategy in place to handle transferring data back to the company should an employee quit or be let go.

As a fail-safe, you can use a cross-platform security solution like Prey to track, recover or, if it comes to that, remotely wipe all data from a device.

10. PROTECT YOUR BUSINESS FROM LIABILITY

When you create a BYOD policy, it is important that you protect your company from the liabilities associated with any employees who engage in inappropriate or illegal behavior on their BYOD devices.

From driving and texting to the inappropriate use of certain websites, there are many behaviors that could expose your company to claims of negligence or harm.

Fortunately, a good BYOD policy will not only ban these types of behaviors, but it will also protect your company from their potentially harmful impact.


Conclusion

Creating a secure BYOD policy for your company is about protecting vital business data and, at the same time, taking precautions that make it possible to give employees the freedom to use their personal devices in the workplace for work-related purposes.

That’s what the 10 tips above show: it is possible to create a comprehensive BYOD policy that your employees will appreciate and that protects valuable business data and assets.

The moral of the story is clear: with the right precautionary steps, developing a BYOD environment has never been easier.

 


Nicolas Poggi


Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.