The rise of mobility has changed the way we work to the extent that portable devices have become business growth enablers. But providing company-issued smartphones, tablets, and laptops to employees doesn’t come cheap. Many people also don’t like the inconvenience of having to carry around two devices or learn their way around a new operating system.
To reduce costs and increase productivity, more businesses are allowing employees to bring their own devices for work. While the benefits are indisputable, implementing a bring your own device (BYOD) policy can introduce fresh security risks if proper precautions aren’t taken. Some employees don’t even tell their IT departments if they’re using personal devices for work, which makes it near impossible for administrators to keep track of their data.
Today, every business should have a BYOD policy. Here are four ways to make it work:
#1. Specify which devices and applications are permitted
Things were much simpler a few years ago when most of us used BlackBerry devices for work. But with only 11 million worldwide BlackBerry users, down from 80 million back in 2012, they’re now relatively obscure. Instead, Android-powered devices and iPhones dominate the mobile market, while laptops and tablets typically run Windows 10 or macOS. On top of that, there are dozens of brands and hundreds of different models.
Chances are, you don’t have the resources to permit every single type of device in your BYOD policy. For example, there’s no point in including Apple devices if your IT department is familiar only with the Android ecosystem. Make it clear to your employees which devices may be enrolled in the program and what level of support you intend to offer.
#2. Establish a unified security policy across all devices
Mobile security habits are notoriously poor. Many people don’t even use lock screens for their mobile devices, even though they’re likely using them for accessing email, bank accounts, and other sensitive data-bearing systems. That’s not a risk you can afford to take when confidential business information might be at stake.
Your BYOD policy must include terms for acceptable use, a password policy, and any other security controls that might be necessary. For example, business systems should typically be inaccessible without multifactor authentication, or when an employee connects over a public Wi-Fi network without going through an enterprise VPN. Administrators must also be able to grant and revoke access rights to any account or device from a centralized dashboard.
#3. Make it clear who owns which apps and data
Employees can be reluctant to enroll in BYOD policies out of fear they’ll end up surrendering control and ownership over their apps and data. After all, no one will agree to a policy that requires them to uninstall apps they’ve purchased for themselves and to allow their employer to monitor their personal communications. That’s why it’s essential to protect your employees’ right to privacy and make it clear who owns what.
If any business data is to be stored on personal devices, you’ll need to include a remote wipe clause. This clause lets you remotely destroy business data on devices reported lost or stolen, while making every reasonable effort to avoid harming employee-owned apps and data. The better choice, however, is to avoid storing business data on the device in the first place. Instead, let people use their own devices to access apps and data hosted in the cloud. That way, you only need to control access rights rather than the device itself.
#4. Set up a straightforward employee exit strategy
When an employee leaves the company, you need a way to revoke access rights to any apps and data they previously used for work. Employees should also be free to leave your BYOD program for any reason. To allow for these situations without adding risk, you need a system for revoking access tokens for things like email and other proprietary applications.
Since it’s hardly reasonable to remotely wipe an employee-owned device containing personal data, you need an exit strategy that protects your employees and your business. This usually involves disabling access to remotely hosted resources or wiping the partition on the device used for storing work-related apps and data.
Wood Dragon IT provides tailor-made product and pricing plans to align with the unique needs of your business. Call us today to start planning for success.