Bring Your Own Device is a system where people can use a single mobile device for both business/office and personal work – from anywhere. The very definition creates several issues, the foremost being Security, as the employees would be roaming with the device and may misplace them. For the IT people, security is one big issue. For employees, however, the major issue could be giving up some of their computing privacy.
Bring Your Own Device Policy
To make BYOD success, you should have a good BYOD policy in place. There is no such thing as the perfect BYOD policy. You just keep on making changes to the policy – as technology progresses – to keep the data secure.
#1 Educate the Employees
If you are considering BYOD implementation or have already implemented it, take time to make the employees understand the system is for convenience to both the employee and employer. You need to tell them how to keep the device protected with latest updates and patches for the operating system and hardware they are using on their mobile devices. You need to tell them about possibility of data leaks and how it can ruin the organization’s efforts. You need to make it clear that privacy of organization’s data cannot be compromised.
#2 What all Platforms To Allow
You cannot let users select just about any platform. If your organizations cannot run on any specific operating system such as the iOS, you have to tell your employees that people opting for iOS cannot participate in the BYOD program.
In a better method, you can give them a list of two-three platforms that are acceptable and are good enough to provide for both the organization and employees. That would bring in some consistency so that you do not have to hire additional IT people to troubleshoot the devices.
#3 Non-Disclosure Agreement
Make the employees sign an NDA to an effect where they cannot share company data with any third party. Make them aware of social engineering and teach them methods to keep the data under lock.
#4 Logging & Responsibility
This is important even if the employees object. Logging the events can help you identify if any employee has been engaging in illegal activities such as downloading pirated movies. In this case, you also need to tell the employees that they will responsible if anyone claims damages and not the organization. This clause is important as people often revert to cheaper methods for something or the other. And since it is the employee using the device and because it was the employee who went ahead to, say, download a pirated movie, organization will not be charged with any offense.
#5 Tracking and Remote Deletion of Data
Another important aspect when creating a good BYOD policy, tracking the mobile device is more for the safety of the organization’s data and NOT to know what the employee is up to. The mobile device needs to be equipped with some sort of application that allows remote deletion of HDD. This is helpful when:
- An employee loses the device
- An employee leaves the job and moves on to a rival organization
The possibility of an irked employee giving away information deliberately exists, and the NDA agreement should be able to take care of that. Keep the damage claims a little higher to prevent deliberate sharing of data.
Among other measures that help you to formulate a proper BYOD policy, are
- Registering the MAC addresses of devices – This helps in blocking illegal connections to the corporate network
- Auditing the Network – Check the network for any possible vulnerabilities and keep a check on the number of devices connecting to it. This way, you will be able to know if any unauthorized devices attempts connection.
- Create a company cloud so that users who are working remotely can store things to the common shared space instead of plugging into your network again and again. That will reduce the chances of a security breach by a significant percentage. It can be anything that allows storage, collaboration and encryption.
The above is not a comprehensive list of factors to create a good BYOD policy. I might have missed out on some other important points. If you feel so, please share with us.
In the next part, we will talk about possible BYOD Mistakes, BYOD Solutions & How to deal with them.