5 Problems Your BYOD Policy Should Cover

Bring Your Own Device (BYOD) is becoming an increasingly popular trend in the workplace, both in smaller businesses and in large-scale enterprises. It presents a number of advantages, including reduced costs and a higher degree of employee freedom, but it’s not without its risks either. The risks involved are often quite complex as well, not least because businesses do not have the right to monitor their employees’ usage of their own devices. However, it is also necessary to enforce a security policy to reduce the risks of sensitive corporate information ending up in the wrong hands.

Increased Chances of Data Leakage

A BYOD program greatly increases the risk of data leakage, since you have no direct control over the devices concerned. When your employees are using their own devices for accessing company resources, such as email accounts and other cloud-based assets, they will need to follow an acceptable use policy. When it comes to security, mobile devices tend to be the weakest link, so your BYOD policy should always insist on regular software and operating system updates and ban the use of certain high-risk apps for work-related purposes. You should also require your team to use a VPN whenever accessing company resources from public Wi-Fi.

Device Vulnerabilities

Devices owned and operated exclusively by the organization and its employees tend to run the same software and operating systems, which are all overseen by a network administrator who can address any security concerns on a system-wide basis. By contrast, a BYOD program inevitably involves a far broader range of devices and software, greatly increasing the potential security vulnerabilities involved. Again, a VPN can help reduce such risks, but you may also want to consider including only certain devices in your BYOD policy. Taking the view that, if you allow one device, you should allow everything else, is not a good idea.

Mixed Personal and Corporate Data

While businesses have complete control over their own IT assets to the extent they can disallow any personal data or usage on their own machines, it would be unreasonable to expect your employees to do the same with their own devices. Since mobile devices are at an increased risk of getting lost or stolen, it is imperative that any potentially sensitive data stored on them is adequately encrypted. Encryption will ensure that the data will remain safe even if it ends up in the wrong hands. Another way to mitigate the risks is to have a strict password policy in place, such as temporary one-time access passwords for those using their own device.

Problem Software

Your BYOD policy should clearly outline the requirements of any device that is allowed to be part of the program, taking into account any potentially problematic apps or hardware. For example, jailbroken iPhones are at increased risk of getting malicious apps on them, in which case you might want to exclude them from the program. Certain apps may also pose a problem, even if they are only intended to be used for personal reasons and not for accessing or working with any corporate data. As such, you may want to consider blacklisting certain apps in your policy and excluding any devices that use them.

Unhappy Employees

Unhappy employees, especially those who have been discharged from a company on terms they deem unfavorable, are a common source of risk when it comes to sensitive corporate information falling into the wrong hands. Your BYOD policy should make it clear that any such information contained on employees’ devices is still the property of the company even after their departure. You may be able to monitor any continued access to things like cloud services your company uses from banned devices. However, you should also have your employees sign an acceptable use policy concerning the use of their mobile devices for work-related purposes.

Final Words

All employees involved in your BYOD program should first sign an agreement that highlights important factors such as the following:

– Users are responsible for backing up and looking after their own data.
– Users are responsible for device updates and maintenance.
– Users must be prepared to remove blacklisted apps.
– Company network access will be restricted for non-compliant devices.
– Consequences of any violations of the policy must be clearly stated.

Ultimately, the success of any BYOD policy depends on your employees’ willingness to use their own devices in accordance with the rules you set, so it’s important to find the right compromise between the inherent risks involved and the freedom of your team.

About the author:

Justin Soenke is a trend-based serial entrepreneur and thought leader in the areas of cyber-security, web design, SEO, social media, eCommerce and managed IT. Justin has overseen the creation and success of over a dozen companies in the technology, security and media sectors, and is the contributing source for his SB Design Blog, SB Tech Blog and SB SEO Blog among regular contributions to many outside blogs and websites, all for our clients.
