Cloud Source

5 Considerations for a Successful BYOD Program Start

by

Implementing a Bring Your Own Device (BYOD) program sounds like a win for everyone: your employees get to use the device they already know and like, and your company is not having to purchase all of those devices. It turns out that a BYOD program, while overall beneficial, comes with some inherent risk.

Some of that risk is related to security. Your employees may be accessing unsecured Wi-Fi or leaving their devices logged in and unattended. They may download apps that aren’t approved.

There are also privacy concerns. You need to be able to monitor devices in order to keep your network safe, but your employees are entitled to know what types of information are being collected from their devices.

Just like the overall lines between work and personal lives, the lines are particularly blurry when it comes to a BYOD program. How do you develop a BYOD policy that allows for a secure program that is also satisfactory for employees? Here are five considerations to include in your planning:

Executive Buy-In: As with any company-wide program, you’ll want extensive support for your BYOD implementation. When your leadership is engaged in the decision-making, they will understand the need for certain tools, such as Mobile Device Management (MDM) solutions and the amount of time you’ll need to invest in creating your BYOD policy.

Develop a Security Policy: Your team will need to work through extensive security items, such as acceptable uses, program restrictions, user responsibilities and more. You’ll also have to determine what consequences will be in place in the event an employee violates any security policies.

Develop a Privacy Policy: Determine what you will need to monitor and clearly communicate it to your employees. If you will need access to applications that are for personal use, be straightforward about the necessity of accessing that app and how the information will be used. Design the consent forms you’ll require employees to sign for your BYOD policy.

Plan for Unusual Circumstances: How will you handle an employee that takes a leave of absence or is on maternity leave? You will need a policy to handle misconduct with a device, whether it occurs during office hours or off the clock. Determine what happens to a device when an employee resigns or is terminated.

Plan for Problems: This may be the most important consideration because you have to assume that there will be terminations, resignations, security breaches and privacy issues. It’s not that you hope for these things to happen, but you recognize the inevitable occurrences that are likely to happen and you mitigate that risk as much as possible.

If your company is considering moving to a BYOD program, contact us at Cloud Source. We will help you create an implementation plan, customized to fit your needs and mitigate risks.

Implementing a Successful BYOD Program: Challenges and Solutions

by

BYODPersonal devices have become ubiquitous, with the majority of the population having at least one device that can access the internet. Many businesses are taking advantage of this to implement bring your own device (BYOD) policies, allowing their employees to work — in-house or remotely — with their own devices. This can mean a reduction in IT costs and CapEx, while also ensuring that employees are always able to be contacted. However, there are a number of security risks that come with a BYOD program, including:

  • Data loss
  • Malware
  • Unauthorized access
  • Unsafe applications

Data Loss

Loss of data is the biggest priority for businesses with a BYOD program, according to 72% of respondents to Crowd Research Partners’ BYOD & Mobile Security 2016 Spotlight Report. Many companies deal with sensitive data for their clients, making this a top priority for IT departments. It is imperative that the IT department take personal devices into account and work to keep them as secure as possible.

Malware

A single infected device can compromise a business’s entire network, if given the access. Any device registered to a BYOD program should be kept up to date with its firewall, OS, and antivirus. The best way for a business to ensure this is to have policies and procedures in place that all employees are trained on and expected to adhere to. It is also important to have a VPN standing between the device and the network itself, to protect the network by ensuring that all transmitted data is secure and encrypted.

Unauthorized Access

The benefit of employees using their own devices is that they always have access to the network — but the drawback is that they always have access to the network. This means that if a device is lost or stolen, whoever has it next will also be able to connect to the network. PINs or passwords can help keep unauthorized users out, and devices should be registered with the IT department so they can be flagged as soon as they go missing.

Unsafe Applications

There are thousands of apps available for download, not all of which are from legitimate distributors. Like malware, apps can cause serious security breaches, especially in more vulnerable devices like mobile phones and tablets. A strong policy in place will help keep employees from downloading harmful apps, and businesses can also use virtual routing and forwarding (VRF) and virtual switching instance (VSI) environments to separate trusted traffic from untrusted.

Educated employees are the best defense against an unsuccessful BYOD program. Businesses should also monitor network activity and use guardian programs that can intelligently adapt to possible threats. This will ensure that the program is a success and allow the business the flexibility that BYOD can bring.

BYOD in Government Agencies: Clear Policies Protect Critical Data

by

Bring your own device (BYOD) has the benefit of allowing businesses to cut costs on providing devices to employees, but it also creates a number of security issues. This is an especially important factor to consider for government agencies, which often handle very sensitive data but may not have a focused, detailed policy for employees to follow. Employees aren’t necessarily creating security holes on purpose, but agencies should still have a firm policy in place — or make the decision not to allow employees to bring their own devices at all.

Implementing a BYOD Program

If the decision is made to implement a BYOD program, there are a few basics to keep in mind:

  • Create clear policies that outline exactly how employees are allowed to use their devices for work-related data like email and documents
  • Only allow approved application stores, and ensure that employees know they cannot root or jailbreak their devices
  • Use software that allows for work data to be kept separate from personal data and ensures the work data can be easily removed

BYOD and Security

Both potential security problems and their solutions must be spelled out clearly in a BYOD policy. This is especially important for government agencies that need to strike a balance between keeping data safe and avoiding infringement on employee rights. This can involve:

  • Containerization
  • Connection via a secure third party
  • Lockout codes
  • Ensuring employees are up to date with security patches

Agencies should also keep in mind what sort of data they handle, including personal data like SSNs and data critical for infrastructure such as power grids. If the data is too sensitive, or could cause massive problems if it leaked, then it may not make sense to implement a BYOD policy at all.

Deciding Against a BYOD Policy

Even if the agency decides against allowing employees to bring their own devices, the agency should still ensure that all employees are aware of the restriction. Clarity is key to helping protect sensitive data; employees may not mean any harm by using their personal cell phone to check their email or look at a document, but the chance of a security breach is lessened if they know that they’re not allowed to do so.

Mobility is an ever-growing and ever-changing field. In order to keep up with the evolution of BYOD, agencies and businesses should be aware of where their sensitive data is and what it’s being used for. A policy that outlines exactly what is and isn’t allowed will keep all devices, whether personal or business, safe and secure.

BYOD: Improving Security by Educating End Users

by

With the explosion in affordable mobile devices like smartphones, tablets, personal laptops, and even smartwatches, many businesses have or are in the process of implementing a bring your own device (BYOD) policy. Software company Code 42 reveals in their 2016 Datastrophe Study that 67% of IT decision makers and 87% of CIOs and CISOs believe that they have a clear and comprehensive policy.

However, end users do not share that belief: 67% of employees find their BYOD policy is unclear. This divide between IT professionals and end users can have consequences within the organization, especially when it comes to security.

The Increase in Employee Endpoint Devices

In the past, employees used a single device, usually one that is stationary and connected to their organization’s IT-maintained firewall. Now, however, many employees use multiple mobile devices: 26% have a minimum of two devices from their employer, and 5% have five or more.

This means that businesses need a clear, concise BYOD policy that all employees must adhere to in order to maintain a level of security. According to the Institute for Critical Infrastructure Technology, unsecure mobile devices are especially susceptible to ransomware. Backup and recovery solutions will help with this, but a clear BYOD policy will help stop problems at the endpoint — before they happen.

Working with Employees

The convenience of BYOD is one of its biggest selling points, but it also means that the devices are not under the full control of IT professionals. IT professionals need to work with employees, which means not only training them to consider security alongside flexibility, but also taking into account the habits and needs of their end users. Monitoring and tracking employee behavior will help IT understand what apps are being accessed, how safe they are, and whether or not they should be allowed within the company environment. A clear policy will also help employees understand what personal data they can mix with their business data.

Education and Communication

Uneducated employees often have bad habits that can harm a business’s security, but because they haven’t had the proper training, they don’t know that these habits can compromise their devices. Education and open communication is key to changing bad habits and improving security at all levels. At the same time, IT professionals need to be flexible so that they can adapt to ever-changing technology and the working environment.

Although it may seem like a lot of work, especially for an already established business with multiple employees, a clear BYOD policy will ensure better security and less confusion. Educating and communicating with employees will reduce the risk of ransomware at the end point and help eradicate bad habits, without sacrificing flexibility.

Supporting BYOD: 6 Skills for the IT Department

by

shutterstock_310448519Before technology became the way of the world, enterprise IT had strict control over the network, devices, security measures, and software. However, many businesses are embracing the bring your own device (BYOD) trend and providing full support to employees who wish to use their own devices. The rise of BYOD culture means that the IT department needs to develop the following skills to provide optimal support.

 
Agility and Prioritization

Technology is constantly changing, and new devices are always coming on the market. The modern IT department must be able to adjust quickly and easily to new problems, no matter the device.

To facilitate this, the IT department should know how to prioritize support tickets. With many different devices running different apps, there is a much wider range of problems than there was with a more traditional IT-controlled network. Knowing the most important issues — and being able to prioritize them — is one of the most important skills the IT department can have.

App Development

Whether they’re at work or at home, most people now use apps for their technology needs. In order to keep up with modern skills, IT must to be able to develop and send out apps to the company’s employees.

Education

BYOD usually means less focus on training employees to use a device. But while employees may know what they’re doing, they don’t necessarily know why. The IT department’s responsibility then is to ensure that they continue to educate employees on proper security measures and company procedures. This will lessen the potential for security breaches and ensure that employees are able to solve minor issues themselves.

Flexibility

More devices means more ways of handling issues and more people who can bring their knowledge to bear on a problem. With a BYOD culture, IT must be able to show flexibility as well as the ability to handle a wide range of devices, issues, and solutions. In order to best serve the company, multiple approaches to a solution should be taken depending on the needs of different user groups.

Gatekeeping

While BYOD can lessen the IT department’s workload of minor problems, it can sometimes lead to the challenge of knowing when to say yes — and when to say no. The IT department is no longer completely in control, and needs to be able to decide between the benefits of allowing a user to work on an issue themselves and the need to put conditions and security measures in place to ensure data privacy.

Mobile Security

Because BYOD means that employees are using devices that may not have been subjected to strict security measures, the IT department must have a good handle on mobile security. IT should be aware of and kept up to date on all current security issues and potential problems. This will ensure that sensitive data is kept secure no matter what device an employee uses.

More and more regular users are becoming technology-savvy. While this means that the IT department is no longer overseeing the entire process, it also means that IT can turn its attention to more difficult challenges.

Contact

328 S. Jefferson St. Suite 603
Chicago, IL 60661
Ph: 312.753.7880
E: info@CloudSourceServices.com

Newsletter Signup

Stay up-to-date on Cloud Source's news.

↑ Top of Page