Beyond Bring Your Own Device (BYOD)

Many businesses have adopted an IT policy of Bring Your Own Device (BYOD) to save money and provide employees with the flexibility of staying connected when they travel, work from home and spend time in the field.  The BYOD policy allows employees to use personal smart phones and tablets for business purposes.

According to research firm Computer Economics, companies can save between $1350 and $3500 annually by adopting a BYOD policy.  In addition, employees can be more productive and have higher job satisfaction with a IT mobility plan.

According to research by the Computer Technology Industry Association, CompTIA, security is the primary issue for IT Managers when it comes to mobility.  The number one risk cited is loss or theft of a mobile device.  Seventy percent of those surveyed implement mobile device password locking as part of their data protection plan for mobile devices.

However, a four digit password in itself is not enough security, so there are a number of additional precautions companies should take to protect valuable corporate data.

Here are a few recommendations you may consider to help mitigate risk from your BYOD policy:

Have employees agree to a policy of notifying the company in a timely manner when a device is lost or stolen.  If the company uses technology to “wipe” corporate data from the mobile device ensure employees keep personal data separate or prevent company data from residing on the mobile device all together.

Local laws may prevent an employer from wiping or “rooting” a mobile device upon loss, theft or employee termination.  If you do business in foreign countries be aware of the governing laws if you implement a BYOD policy.

If an employee is attaching to your corporate or WiFi network, consider auditing your network for unauthorized mobile devices.  Also, consider implementing corporate guidelines for supported mobile devices.  Have a policy that ensures all mobile devices are up to date with Operating System O/S Patches and also have up to date anti-virus and anti-malware installed.

If employees are accessing corporate systems using mobile applications, publish a list of “white listed” or approved applications.  Additionally, publish a list of “black listed” or unauthorized mobile applications.   In the alternative, consider maintaining a private or enterprise application store to manage the distribution and updates for approved mobile applications.

If employees use cloud based data sharing, create company policy and guidelines for what, if any, corporate data may reside on mobile devices.  If corporate data is authorized for a mobile device consider encrypting the data on the device, as well as, the data transmitting Over The Air (OTA).

Security is the top priority when it comes to implementing a company Bring Your Own Device (BYOD) policy.  There are a variety of technical solutions, in addition to policy based issues required to safely and securely implement a BYOD policy.  Consult with your IT Service Provider to ensure your mobile device policy is a secure one.