The third week of Cyber Security Awareness Month focuses on this and how our work and daily lives have become increasingly blurred. Before the days of smartphones, it would have been unheard of to request employees to bring in their own equipment for work. However, the introduction and combination of smartphones, tablets and laptops has meant that more companies have put in place Bring Your Own Device (BYOD) policies. But employers are increasingly considering the effects of policies like this in the world of work and how best to manage them.
There are many benefits to a BYOD policy, including reduced hardware and software costs, convenience and a sense of ownership. However, these policies can place additional strain on IT departments who have the responsibility of ensuring both the devices and practices don’t introduce unnecessary vulnerabilities to the company network and data. Security risks are a key concern and harder to manage since so much power is being put in the hands of the employee. Hence why, it is highly important to educate employees around the consequences of using personal devices at work and the key things they can do to mitigate risks.
Many challenges faced within small and medium businesses that employ BYOD can be addressed with improvements to their endpoint administration. For example, a cloud-based dashboard that provides oversight of a diversity of devices on a network, can greatly simplify the work of IT Admins facing a BYOD environment. Our ESET easy to use Cloud Administrator product can support those wandering Windows and OSx/macOS laptops. Also make sure any mobile devices have a mobile security App installed.
Don’t buy before you get Buy-In
Even before beefing up administration of your endpoint, the first thing to do is to get buy-in from your employees. The more you have employees on side, the easier it is to get them to understand why such a policy is important, and the more likely they are to adhere to it. Creating easy communication between employees and IT is important but it is the responsibility of employees to read, fully understand and agree to the company’s policy. It is also crucial for employees to appreciate the value of keeping proprietary and sensitive information secure. Organizations live or die by access to information and compromise to their data can do great damage to reputation, cause financial harm and, in some industries, have severe regulatory repercussions. Employees involved in BYOD schemes must understand that protecting sensitive information maintains competitive advantage and protects jobs.
Once employees have an understanding of the repercussions and have bought into the policy, they have certain responsibilities when it comes to their devices. They shouldn’t let convenience and expediency overrule policy and must only use approved devices and software vetted and verified by IT. All lost or stolen devices must be reported immediately. It may be the responsibility of the employee to replace the personal device, as laid out in the policy, but it will still have sensitive information on it that could be compromised. Even with a repair, employees should use authorized repair facilities to ensure sensitive information is not compromised while the repair is taking place.
Finally, employees need to be aware of cyber-attack vectors, including malware and social engineering. Phones or devices under the BYOD policy should not be loaned to anyone; this includes loaning and giving security credentials to family members. Most BYOD policies will have a whitelist and blacklist Another way to avoid cyber-attacks is by avoiding and not working around whitelist and blacklist applications on the policy and ensuring every email and call is authorized, authenticated and tracked. BYOD policies can work but employee input is essential for creating an effective policy. Policies that are too restrictive or fail to offer support for the right devices will lead to a lack of participation by employees. Everyone involved has a responsibility to make a BYOD policy succeed.
