According to Gartner, most companies—two out of every three—that allow personal devices in their network do not have a security policy or secure access strategy in place that governs mobile devices.
While that might seem like a case of simply putting the cart before the horse, in reality it’s more like letting a team of Trojan horses into your network. Smartphones and tablets especially have the potential to introduce a host of network security risks, from viruses to data theft. It’s therefore important that companies set boundaries and policies for which mobile devices can access their network, what they can access and when they can access it, before they bring BYOD into the picture.
During the course of helping many companies adopt and implement effective BYOD initiatives, AdvizeX has found that getting the right answers to which policy and security strategies will be most effective begins with asking the right questions. If you’re considering implementing BYOD in your network in the near future, or have already begun to gradually open those gates to personal mobile devices, here are seven questions that can lead you to better BYOD security and policy strategies.
1. What new security risks are presented by BYOD?
Opening up your network to personal mobile devices requires more than user and endpoint authentication. Communications need to be encrypted and wireless networks need to be secured, especially when accessing business information over a public WiFi hotspot.
2. How do you plan to enforce security on personal devices?
Most personal devices are not password protected. Employees need to be educated on security best practices to ensure that business information and communications remain private and protected at all times, which leads us to the next question…
3. How do you maintain consistent policies across business and personal devices?
In the pre-BYOD environment, IT controlled security. Security software was updated universally on a set schedule and firewalls were implemented to protect devices within the network. Today’s IT departments need to become both more proactive and creative in getting employees to ensure their personal devices meet the minimum corporate requirements for security, including the latest security software and strong password protection.
4. What happens if a personal device is stolen?
According to Consumer Reports, over 1.6 million smartphones were stolen last year. Businesses need to have a security policy in place that quickly deactivates lost devices before they can access the network and retrieve confidential information.
5. What third-party applications will employees be allowed to use?
Many employees use third-party applications such as Skype and Dropbox on their mobile devices to share and store business information. Although these applications provide some levels of security, companies need to carefully manage when and how their employees use these applications to ensure they comply with the company’s own security policies.
6. Does BYOD present a risk of regulatory non-compliance?
Even if your business isn’t impacted by HIPAA or PCI DSS, protecting customer information is a priority for every business. Companies need to ensure that BYOD policies comply with regulatory requirements as well as their own publicly stated privacy policies.
7. What happens to business information after an individual leaves the company?
This used to be a fairly straightforward matter when companies owned the devices, but how do companies ensure that confidential business information stored on a personal device doesn’t leave with the device? Companies also need to consider an exit policy that addresses information stored on third-party applications such as Dropbox, many of which are created and maintained as personal rather than business accounts.
The list above offers a lot to consider, but BYOD is not something to be taken lightly. To learn more about building the right BYOD strategy for your business, stay tuned for the next blog in my series, “BYOD Strategy Part 2: Mobile-izing Your Business Applications.”