How to Address BYOD Security Concerns
Allowing employees to bring their own devices (BYOD) to work and access company data with them surely sounds like a security nightmare to many CIOs and IT experts. But it doesn’t have to be.
There are a lot of ways that you can get the benefits of BYOD policies while protecting your intellectual property. Network security, for one, is critical, as is passcode protection for mobile devices. Other good security tactics include data encryption and local storage limitations for personal devices.
Overall, it’s important to make your security solution – like your BYOD policy – scalable so that it can grow as your company’s mobile communication strategy evolves.
BYOD security doesn’t have to be complicated. Here’s a handy way to break it down.
1. Security risk assessment
Take some time to review the range of security risks that you might be exposed to and evaluate their associated solutions. For example, you’ll want to consider implementing anti-malware, data encryption, password protection, remote data wiping capabilities, ‘jailbreak’ prevention, and sandboxing.
The Security for Business Innovation Council created a great checklist for BYOD security programs. Here’s a quick rundown of their best ideas:
- Get your employees to sign a legal agreement
- Set up a reporting process for lost or missing devices
- Make sure that your company has the legal right to wipe device memory if necessary
- Set up a corporate account for cloud storage. Make it mandatory for corporate data
- Reserve permission to remove apps from personal devices
- Restrict network access by jailbroken devices or devices with blacklisted apps
2. Ensuring regulatory compliance
Your company might be bound by one or more compliance mandates, including the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), or the Gramm-Leach-Bliley Act (GLBA).
Do your due diligence and make sure that your BYOD security policy complies with your industry’s data security requirements. Any device used to handle company or customer data must comply with regulations, regardless of who actually owns it.
3. Mobile device security
With so many different devices accessing your company data, your first line of defense has to be strong mobile device security. This is easy when everyone on the network is using the same device, but more complicated when you introduce multiple brands and versions. The keys to protecting various mobile devices are as follows:
- Implement password protection, encryption, and procedures for remote data wiping in case of lost devices
- Set minimum device standards – for example, models produced before the iPhone 3GS were not made with hardware encryption, so it might be best to restrict their use
- Invest in a mobile device management (MDM) solution to monitor device usage and access
- Mandate the installation of mobile anti-virus programs
- And last but not least: education.
Make sure that your employees understand the best practices for avoiding phishing schemes and know to stay away from suspicious/unverified apps. It’s a great idea to develop an acceptable use committee to form a policy that outlines the rules and protocols for your whole company.
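The device checks listed above (passcode, encryption, MDM enrollment, anti-virus, minimum standards, and the checklist's restriction on jailbroken devices or blacklisted apps) can be enforced as a single network-access decision. The sketch below is an added example, not code from any MDM product; the field names, minimum OS versions, and app ID are assumptions made up for illustration.

```python
# Added example. Field names and policy values are assumptions, not taken
# from any particular MDM product.
POLICY = {
    "min_os": {"ios": (16, 0, 0), "android": (13, 0, 0)},  # assumed minimums
    "blacklisted_apps": {"com.example.sideloader"},         # constructed app ID
}

def parse_version(text):
    """'9.3.5' -> (9, 3, 5); numeric, so 9.x sorts below 16.x (strings would not)."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))

def evaluate(device, policy=POLICY):
    """Return (allowed, reasons). Missing or malformed attributes fail closed."""
    reasons = []
    for flag, message in (("mdm_enrolled", "not enrolled in MDM"),
                          ("passcode_set", "no passcode"),
                          ("storage_encrypted", "storage not encrypted"),
                          ("antimalware_installed", "no anti-malware")):
        if device.get(flag) is not True:
            reasons.append(message)
    if device.get("jailbroken") is not False:  # unknown counts as jailbroken
        reasons.append("jailbroken or integrity unknown")
    minimum = policy["min_os"].get(device.get("platform"))
    try:
        if minimum is None or parse_version(device["os_version"]) < minimum:
            reasons.append("OS below minimum or unsupported platform")
    except (KeyError, ValueError, AttributeError):
        reasons.append("OS version missing or unreadable")
    apps = device.get("installed_apps")
    if apps is None:
        reasons.append("app inventory missing")
    else:
        banned = policy["blacklisted_apps"] & set(apps)
        if banned:
            reasons.append("blacklisted apps: " + ", ".join(sorted(banned)))
    return (not reasons, reasons)

# Constructed inventory records, shaped like an MDM export might be.
OK = {"mdm_enrolled": True, "passcode_set": True, "storage_encrypted": True,
      "antimalware_installed": True, "jailbroken": False, "installed_apps": []}
DEVICES = [
    {**OK, "id": "phone-a", "platform": "ios", "os_version": "16.4.1"},
    {**OK, "id": "tablet-b", "platform": "ios", "os_version": "9.3.5"},
    {**OK, "id": "phone-c", "platform": "android", "os_version": "14",
     "jailbroken": None, "installed_apps": ["com.example.sideloader"]},
]

if __name__ == "__main__":
    for d in DEVICES:
        print(d["id"], *evaluate(d))
```

A device that reports nothing at all is denied with every reason listed, so the gate treats a missing or unreadable report as non-compliant rather than as trusted.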
4. Update your software
Keep all of your software up to date to protect devices and network data. This is simple enough – just make sure that automatic updates for apps and operating systems are turned on. Moreover, if you’re using an MDM, ensure that all employees are using the latest version.
You’ll also want to perform regular data backups. If you use cloud storage systems, this is easy to do. Just be sure to retain enough memory to back up files at all times.
BYOD with BullsEye
BullsEye UC is our office phone solution that lets users take calls, check voicemail, send instant messages, and manage call features through a VoIP connection from ANY device. Visit our website or download the BullsEye UC Overview to learn how we can support your company’s BYOD policies and mobilize your office.