Employees at many companies are allowed to bring and use their own devices at the workplace. However, Bring Your Own Device (BYOD) policies can only be effective if everyone in the organisation is aware of, and is committed to abiding by, the appropriate and applicable security policies.
Rick Bell, Innovation Architect for UXC Connect, explains that BYOD is a fact of corporate life but it is important to ensure effective governance. He observes that employees, mostly senior executives, are often tempted to bring their own device because the technology they own is usually more advanced than what they have at work. This segment is also more likely to plug their new device into the corporate network without due consideration for security policies.
BYOD security policies must take into account that regardless of the device used, the network must be secured to protect the organisation’s critical data. If not properly secured, mobile devices can introduce malware into the network that can compromise the security of the entire business.
An effective BYOD security policy will specify clear guidelines for employees about what types of devices are acceptable and what needs to be done to ensure they are secure before they are used on the organisation’s network. These policies must be communicated in a formal manner to ensure all employees are aware of the requirements as well as penalties for non-compliance.
According to Rick Bell, organisations cannot take chances when it comes to introducing new devices into the network, which can potentially impact corporate network security. There must be standards and systems in place to maintain that security. For example, a mobile device might include security measures such as encryption, two-factor PIN authentication or containerised applications and data protection. Devices that cannot support these measures should not be allowed to access the corporate network.
Rick Bell also advises that organisational policies should be set and overseen by a committee that includes senior executives from both business and technology. He explains that senior executives often expect to be able to use their personal devices in the business network, but they should be educated about the risks as well.
Being part of the steering committee that develops, communicates, and enforces the rules regarding BYOD will help reduce the risk of executives thinking they are beyond the purview of established rules. Additionally, it presents an opportunity for senior executives to lead by example, helping spread the right security-sensitive culture across the organisation.
Rick Bell adds that policies and standards can be enacted through an enterprise mobility management platform. By doing this, organisations can then leverage mobility initiatives and BYOD policies to deliver the benefits with the assurance that network and information security will not be compromised.