Mobile devices like laptops, tablets and smartphones make it easy for employees to work on the go. According to a report, 87% of companies rely on their employees to use their personal devices to access business apps. As a result, companies may employ a bring-your-own-device (BYOD) arrangement at work. However, BYOD can be a security threat because employees can access corporate data outside the enterprise network.
Source: Help Net Security
Securing Mobile Devices
Mobile devices are susceptible to being stolen, forgotten or lost because of their portability. While you can prepare for these risks by keeping an eye on your mobile device in public, they can end up missing anyway. In case this happens, it’s important to have protection in place.
Implement Mobile Device Management (MDM) – MDM solutions allow administration over all BYOD devices from a central location. A good MDM will allow you to manage, monitor and secure employees’ devices regardless of service provider or operating system. Features to look for include remote wiping, tracking, PIN enforcement and encryption.
Update & install anti-virus software – Protect devices from malware by installing anti-virus software and/or firewall. Regularly update software, apps and operating systems to patch any security vulnerabilities.
Partition data – Data partitioning is the act of splitting data into separate entities for faster retrieval. By partitioning your data on your device, your operating system will be able to manage the information in each section separately.
Choose apps wisely – Avoid downloading apps that aren’t from official app stores but also be careful of apps already there. Malicious apps can slip through the cracks and be found in app stores.
Encrypt data – Encrypting your data makes it harder for cyber criminals to access your information. You should also encrypt wireless communication like e-mails because they can be easily intercepted. You can encrypt your data and communication through a secure network like a VPN.
Tips for a BYOD Policy
In order to regulate your employees’ devices and protect your organization, you need a BYOD policy. Outlining proper guidelines for using mobile devices at work and communicating them effectively will make it easier for your employees to adhere to the same standards.
Establish allowed devices – Your policy should cover all devices your employees use, whether it’s Windows, Android or Apple. What devices you allow should be based on the specific devices or operating systems that meet your company’s needs.
Create security and service protocols – Include proper security posture in your policy, such as having your employees use complex passwords and/or two-factor authentication. You should also include rules around device loss management, such as whether to remotely wipe a device if lost. Outlining service support for device troubleshooting and maintenance is also important. Problems with enterprise applications should be taken care of by your IT support. Employees need to know what support they can expect from your IT department regarding the problems on their device.
Define who owns the data – Since employees are using their own devices to do their work, it can blur the lines of ownership. Employees must understand that enterprise apps and data are company property.
Determine acceptable use – Employees need to be aware of guidelines and restrictions on apps or websites they can access while connected to the enterprise network. Make sure you are not infringing on your employees’ privacy and usability of their devices when deciding on acceptable use.
Develop an employee exit strategy – Employees may not always leave on amicable terms, making them a potential insider threat. As soon as an employee leaves, terminate their access immediately – this includes their accounts and e-mail. Also make sure they don’t leave with corporate data by wiping it from their device(s).