BYOD: It’s a good thing
Ready or not, mobile devices will enter your workplace — if they haven’t already. The use of smartphones and tablets has accelerated to the point where the majority of consumers — your employees — have one and will want to use it with or without guidance from IT departments. However, poorly managed Bring Your Own Device (BYOD) programs can end up costing a company in many areas.
Let’s face it: employees will use devices like Android phones or iPads for work-related tasks whether their employers approve of it or not. The best thing for employers is to accept this trend, and develop and enforce a clear BYOD policy.
On the positive side, the Aberdeen Group reports that the BYOD trend really does lead to an increase in employee productivity. With the increase in productivity, comes an increase in data security issues since individual employees can access company data from almost anywhere. The first step in the process is to connect with employees. Discuss the policies openly and let them know your intention is not to impede workflow, but to protect important company data, information and systems. Work together with your employees to find a process that works best for your organization.
The following steps should help organizations create a productive and secure workplace while allowing employees to take full advantage of their preferred devices:
- Conduct a risk assessment for each critical data source and application.
- Understand the mobile risk on the server side and restrict access to mobile devices accordingly.
Publish and enforce mobile device policies which include the following baseline controls:
- Require that users’ access credentials to be entered prior to accessing enterprise applications and data.
- Require devices to be registered with the organization and permission granted to remotely wipe the device if it is lost or stolen.
- Prohibit the use of any device that has been “jail broken” or rooted to reduce risk of vulnerabilities, viruses and prohibited applications.
- Update Incident Response Plans to accommodate event analysis for a stolen device, defined incident declaration and investigation procedures to determine potential for data loss.
- Implement an awareness campaign and train your employees on the risks of using mole devices in the workplace (malware, appropriate vs. inappropriate use, etc.).
Employers and employees both must take the proper attitude when it comes to BYOD. This trend will only work with a solid understanding from both sides. The bottom line: be realistic when it comes to both protecting company information and understanding that employees want to use their own devices. This will help to create a happier and more productive workplace and keep your critical information safe.
Visit Coalfire.com for more information on developing and implementing an IT Governance, Risk Management and Compliance (IT-GRC) program for your organization.