The growing uptake of BYOD has put pressure on IT departments to create the perfect balance between business security and personal privacy. A one size fits all approach doesn’t work for BYOD, with configuration and security settings changing from one device to the next.
The benefits of bring your own device are being reaped by many businesses, with flexibility and lack of outgoing costs appealing to many company directors and IT managers. Precautions however need to be taken to protect both businesses and employees. The biggest security concerns fall in the cross contamination of malware from external networks, compromise of sensitive company data and the loss of employee productivity due to easy access to personal resources.
In order to prevent these concerns becoming reality it’s important that businesses who are using BYOD implement a strong policy based on protecting company data. The process of simply applying the same security settings as company mobiles and tablets does not suffice; each device is unique and must be looked at as an individual circumstance. The base for a BYOD policy needs to cover some essential points to ensure best practice …
Firstly the standard of operating system must be set, any devices running older versions of their chosen operating system must be upgraded before being authorised access to a company network. Certain versions of Windows and Android are not equipped to detect and defend against modern day intrusions and threats.
Secondly, standard configuration settings must be set. Allowing access to company data only via a VPN is a good place to start, and employing encryption software on all machines is a good way to protect against data leaks from lost or stolen devices.
Another key rule that should be included in all BYOD policies is that if any device does become infected with malware that it must not connect to the company network until fully patched a tested to ensure it doesn’t put any internal network or device at risk.
Start a policy with these 3 points and develop in line with the business network whilst also taking into account the requirement for flexibility.