Creating a Secure BYOD Enterprise

Whether your company has intended to be a BYOD or not, it’s likely that employees are bringing their own devices to work anyway. In the era of smartphones, tablets, and other personal technology devices, it’s difficult to imagine any workplace where BYOD is not occurring on a daily basis. This article from CSO Online reveals that at least 49% of all employees “use a personal mobile device for work-related tasks and spend a great deal of time on personal devices for their job.”

By now it’s safe to say that the question of BYOD has become less about if your company will support BYOD and more about how your company will do BYOD securely.

The Challenges of BYOD Are Complex

By saying that BYOD is inevitable, we’re in no way saying that it is simple. Even securing company-owned devices is a challenge that many organizations continue to struggle with. So it makes sense that IT departments or company executives are apprehensive when it comes to employees using their personal devices in work contexts. Yet, acknowledging the challenges of BYOD is the first step to creating solutions. So, let’s lay these challenges out:

  • Variety of manufacturers and operating systems in personal devices
  • Personal devices contain personal information that many companies don’t want to be liable for
  • Lack of IT support to accommodate large number of devices
  • Negligent employee behavior and security practices

Solutions

While there are definitely risks associated with BYODs, the imminent growth of personal devices will make it near impossible for any company to avoid BYOD entirely. The energy spent avoiding the use of personal devices may be better spent in preparing a security strategy for the personal devices employees already use and for the devices that will inevitably continue to be integrated into work life.

Creating a strategy for how your office place will deal with personal devices will not only pacify worried executives, but it will also serve as a great tool in dealing with the day-to-day challenges of BYOD. Here are some ideas we have for creating your own strategy:

  1. Set boundaries: In order to make BYOD function securely, your organization must set clear boundaries of what is and isn’t allowed in terms of device usage. Each company uses different software, hardware, and security protocols. Knowing what will and will not work for your specific organization is an integral part to your strategy.
  2. Create security infrastructures: Whether your IT department is two or 200 people, it’s absolutely necessary to set up a security infrastructure for BYOD to be successfully secure. This will vary according to organization, but should involve VPNs, multi-factor authentication, and device encryption. 
  3. Emphasize user training: Many security risks exist from lack of knowledge. Users can’t follow guidelines they are unaware of, and that makes the security success of BYOD contingent upon the fact that users actually know what is expected of them. Organize weekly or monthly training (and re-training) to raise awareness of best security practices. 
  4. Foster trust: In order for any BYOD to work efficiently, there has to be a level of trust between the IT team and the user. Any antagonistic relationship between the two could ultimately damage the security strategy that an organization already has in place. In a TechTarget article on BYODs, they say, “users must agree to give IT some control—for example, if your device goes missing, call us first so that we can wipe your phone before you call your provider.” This trust is essential to the success of BYODs. 

In 2015, we can no longer consider BYOD a hypothetical. What we can consider, however, is that an organization’s willingness to adapt could be their best defense against future security threats.

Posted in 101, Best Practices, Enterprise Security