Most companies now let employees use their own devices for business to some extent. However, Bring Your Own Device (BYOD) policies only work properly if everyone in the organisation is aware of, and committed to, following the appropriate security policies.
Rick Bell, Innovation Architect for UXC Connect, said, “BYOD is a fact of corporate life so the question is how to govern it effectively. People are often tempted to bring their own device because the technology is often more advanced than what they are likely to be issued with in a corporate device. Often, it’s the senior executives that expect to be able to plug their new device into the corporate network without due consideration for security policies.”
BYOD security policies must take into account that, regardless of the device used, the network must be secured to protect the crucial data on which the organisation relies. Mobile devices, if not properly secured, can introduce malware and security breaches that can compromise the security of the entire business.
To overcome this, organisations must put clear guidelines and policies in place on what types of devices are acceptable and what needs to be done to ensure they are secure. These policies must be communicated in a formal manner to ensure all employees are aware of the requirements and, potentially, any penalties for non-compliance.
Rick Bell said, “Corporate network security is vital, and organisations cannot take chances when it comes to introducing new devices into the network. There must be standards and systems in place to maintain that security. For example, a mobile device might include security measures such as encryption, two-factor PIN authentication or containerised applications and data protection. Not all consumer devices can do this, which means those devices may not be appropriate for the corporate environment.”
Additionally, organisational policies should be set and overseen by a committee that includes senior executives from both business and technology.
Rick Bell said, “Because senior executives often expect to be able to use their personal devices in the business network, it is essential to educate them regarding the risks of doing so. One of the most effective ways to achieve that is to include them in the steering committee that develops, communicates, and enforces the rules regarding BYOD. This can help reduce the risk that executives think the rules don’t apply to them, and most importantly, it espouses the right security-sensitive culture across the organisation by leading through example.
“Policies and standards can be enacted through an enterprise mobility management platform. This is fairer on everyone because expectations are set across the board. And it reduces the number of unauthorised devices that can compromise the network.
“By doing this, organisations can then leverage mobility initiatives and BYOD policies to deliver the benefits with the assurance that network and information security will be maintained.”