The 5 Don’ts of Bring Your Own Device Policies
Having a BYOD strategy is critical to making sure your applications and data are protected against the risks that come from devices that aren’t managed by your IT department. Here are five things not to do when creating your BYOD policy.
1. Don’t think you don’t have a BYOD problem
Whether or not you have an official policy, employees are using their own devices to do their jobs. Surveys show that close to 20 percent of employees don’t tell their employers that they use their devices at work, and even more admit to ignoring company policy.
2. Don’t rely just on enterprise mobility management (EMM) software
EMM provides a broad suite of services to help you protect against mobile threats, but even that comprehensive protection is incomplete. EMM can help you limit which devices have access to your network and applications, but doesn’t protect you against malware on those devices.
3. Don’t rely on securing devices
Even though the threats come from the use of mobile devices, protection strategies shouldn’t be limited to the devices. You need to implement protection strategies targeting networks and applications as well as applying controls to the devices.
4. Don’t ignore employees’ concerns
The use of personal devices for job functions inevitably means those devices have a mix of personal and work data on them. Employees need to understand what loss of privacy they can expect if they mix business and personal use of their devices. If you plan to wipe devices remotely as a security measure, be sure you can limit that to business data or that employees understand they may lose personal files as well.
5. Don’t forget to plan for changes in devices and employees
You should expect to update your policy and strategy frequently as new devices and operating systems create new threats. You may need to add controls regarding the use of these new devices, as well as block devices as they age and lack up-to-date security. Similarly, you need a process that handles turnover among your employees, making sure any mobile device access granted to employees is disabled when they resign or retire.
Most people walk around today with their phones in their hands, and they don’t put them down when they reach the office. Ensuring that employees’ mobile devices don’t create a threat to corporate information security is a key component of any business’ information security strategy.
The Prescient Solutions team provides mobile support services that help companies leverage the benefits of BYOD without introducing risk. Our mobile services include setting up users’ devices with the access they need and implementing mobile device management or enterprise mobility management software to provide the controls your business needs. Contact us to make sure you cover the do’s as well as the don’t’s of mobile and bring your own device policies.