6 Ways to Plug Security Holes with a BYOD Policy

Companies without a bring your own device (BYOD) policy are extremely vulnerable to network security threats. Implementing a BYOD policy has quickly become a necessary precaution for businesses of all sizes. The problem is that many businesses adopt cultures that embrace the BYOD mentality without having security protocols in place to protect their network. We’ve outlined the advantages and disadvantages of BYOD in the workplace, and how to construct a BYOD policy that properly mitigates security risk.

The Business Case for BYOD

BYOD encourages employees to be more responsive and connected outside typical business hours. Employees who are allowed to use their personal mobile devices at work gain the flexibility those devices give them, tend to be more productive, and have a shorter learning curve for using the device. There can also be cost savings for the business (even if employees are reimbursed for a percentage of the personal expense associated with the device).

Preparing to Construct a BYOD Policy

On the flip side, the company’s managed IT service provider must support a heterogeneous environment and prepare a plan to mitigate the increased security vulnerabilities. So, how can a company balance these two needs? Before your company puts a BYOD policy in place, answer the following questions:

  • How will you safeguard data storage and manage network access?
  • What are the risks to your organization should a mobile device be used in a cyberattack?
  • How will you maintain compliance with industry standards and/or government-mandated requirements?
  • How will you ensure that employees respect data-protection and access constraints?

Creating a BYOD Policy

Today’s businesses face threats from multiple vectors, with mobile devices among the latest to gain popularity. However, the right security measures can significantly reduce security risk within your business’s environment and protect its reputation, data, and employees. It all starts with a BYOD policy. Here are a few approaches to get you started:

  1. Determine which devices your company will support. Some mobile devices—such as “jail-broken” phones—simply won’t meet your organization’s security standards, so determine which devices will.
  2. Set clear expectations. If employees want to use their own devices for work, they must be willing to make compromises to ensure the company’s security. Make sure you clearly spell out the business’s expectations, such as multi-factor authentication and logging in through a virtual private network (VPN).
  3. Create a list of approved apps. One of the easiest ways to compromise a network is to allow users to install software without IT’s knowledge. To avoid such issues, create a list of company-approved apps for use on mobile devices.
  4. Enforce data encryption. Company data should be encrypted both in transit and at rest.
  5. Install a mobile device management (MDM) solution. MDM solutions such as Microsoft Intune or VMware AirWatch allow users to register their devices within the solution so IT can wipe devices remotely should they be compromised, lost, or stolen.
  6. Educate your employees. Ongoing training is important in all aspects of business, and personal device security is no exception. Train your employees to recognize phishing attacks while helping them use their devices to their full potential—safely.

It’s always, always best to consult a professional. If your business is considering implementing a BYOD policy, contact All Phases IT to speak with one of our experienced IT consultants. We’ll evaluate your current network security vulnerabilities and help you determine the best way to keep your company—and its reputation—safe.