How to Manage Security for BYOD Employees

Posted by Mark Jennings - August 10, 2018 - IT Security


Modern workplace environments have changed considerably over the last few years. Today, companies are desperately striving to create flexible and inviting office settings for their employees with the ultimate goal of improving job satisfaction and increasing staff retention rates. One of the ways employers can do this is by incorporating a BYOD (Bring Your Own Device) policy in their organization.

BYOD policies can help improve the efficiency and relaxed atmosphere of the workplace. By allowing employees to use their own devices when completing assignments and accessing company information, employers can save significant costs in IT development, while employees enjoy the productivity and satisfaction that comes from working on devices they are comfortable using.

However, the risks of incorporating a BYOD policy into a business environment shouldn't be ignored. Year after year, cybercrimes continue to plague organizations in virtually every industry, crippling their critical systems and compromising sensitive data. Without proper due diligence, personal user devices can be a gateway for these attacks, creating an unsecured platform for hackers to exploit.

With this in mind, it's essential that organizations take action to train their employees on cyber security best practices for their personal devices and enforce a well-structured company policy around BYOD. Here are cyber security techniques that all employers and employees should adopt when creating a safer working environment on their personal devices.

Register user devices

The first step to successfully managing BYOD in the workplace is drafting and enforcing a well-structured policy on the use of personal devices for company purposes. A critical part of this policy should be registering all personal user devices with the IT department to help protect both the organization and the employee in the event of a malicious attack.

By registering MAC addresses on your network, IT teams will be able to monitor for suspicious spikes in bandwidth and resource allotments, making it much easier to spot and segregate potential data breaches.

Another important aspect of device registration is that devices are commonly lost, stolen, or sold to new parties over time. All of these situations, as well as an employee leaving the organization, can cause security issues if the device's system access permissions are not controlled.

While some employees may not like the inconvenience of registering all their devices with the IT department, it's important to explain in your BYOD policy the difference between using a device "at work" and "for work."

Any time an employee uses their devices to access, share, or utilize company information, it then needs to live under the company's cybersecurity umbrella. While this may not apply to employees using devices strictly for their personal use, any devices connected to secure system mainframes need to be adequately secured, and owners will need to follow their company's BYOD policy closely.
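The registry-driven monitoring described in this section, as an added example (not code from the original article or from any MDM product). The registry, traffic counters, thresholds and finding names are constructed assumptions; the sketch also flags revoked devices that reappear and unregistered addresses with the locally administered bit set, which usually indicates a randomized private MAC.

```python
from statistics import mean, pstdev

# Constructed registry: MAC -> status. "revoked" = lost, stolen, sold or leaver.
REGISTRY = {
    "a4:83:e7:10:22:01": "active",
    "3c:22:fb:9a:41:7e": "active",
    "f0:18:98:55:0c:d2": "revoked",
}
# Constructed hourly byte counts per MAC (e.g. built from DHCP and flow logs).
SAMPLES = {
    "A4-83-E7-10-22-01": [120e6, 95e6, 110e6, 105e6, 98e6, 102e6],
    "3c:22:fb:9a:41:7e": [80e6, 75e6, 90e6, 85e6, 78e6, 2400e6],
    "f0:18:98:55:0c:d2": [0, 0, 0, 0, 0, 40e6],
    "da:a1:19:3b:77:42": [0, 0, 0, 0, 0, 15e6],
}

def normalize(mac):
    """Lower-case, colon-separated form so registry lookups are consistent."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomized(mac):
    """Locally administered bit set: typical of per-network private MACs."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def audit(registry, samples, sigma=3.0, min_history=4):
    """Return sorted (mac, finding) pairs for the latest sample of each MAC."""
    findings = []
    for raw_mac, counts in samples.items():
        mac = normalize(raw_mac)
        status = registry.get(mac, "unregistered")
        history, latest = counts[:-1], counts[-1]
        if status == "unregistered":
            kind = "unregistered-randomized" if is_randomized(mac) else "unregistered"
            findings.append((mac, kind))
        elif status == "revoked" and latest > 0:
            findings.append((mac, "revoked-device-active"))
        elif len(history) >= min_history:
            base, spread = mean(history), pstdev(history)
            # Floor the spread so a very steady device does not alert on noise.
            if latest > base + sigma * max(spread, 0.1 * base):
                findings.append((mac, "bandwidth-spike"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(REGISTRY, SAMPLES), sep="\n")
```

Phones that randomize their MAC per network should be registered with the address they present on the corporate network, otherwise they will keep appearing as unregistered.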

Implement Mobile Device Management (MDM)

Mobile Device Management allows organizations to control the corporate data and corporate use of the device while leaving the user in control of the personal use of the phone. An MDM platform can create a secure “zone” inside the phone that provides control over what apps can connect to the corporate network and what documents and data can enter and leave the organization. Meanwhile, the employee can store personal photos, contacts, apps, etc. as they wish. In the event the device is lost or stolen, or the employee leaves the organization, only the corporate data and apps are remotely wiped.

Enforce screen locks and secure password protection

Everyone who uses a smartphone, tablet, or laptop has their personal preference when it comes to the level of access security they utilize on these devices. However, when personal devices are used for business purposes, it's crucial that a BYOD policy specifies that appropriate screen locks and password protection should be used at all times. Password-protected devices provide a straightforward but effective first line of defense when it comes to protecting company data and thwarting data breaches.

Set up remote access protocols

Setting up remote access security protocols on all applicable mobile devices is another failsafe that companies can deploy. In the event of a device becoming lost or stolen, users or a member of the IT team can remotely secure or wipe data off the device, ensuring there is no chance of unauthorized company access.

When implementing a remote wipe clause into your BYOD policy, it should be understood that employees will need to update their data regularly in the cloud or through external means. This will ensure that in the unlikely case a device needs to be remotely wiped, all personal photos, files, and documentation from the device will already be securely stored.

Utilize data encryption and VPNs

Although passwords and screen locks are effective cyber security best practices, they shouldn't be looked at as the only line of defense against unauthorized system access. As a rule of thumb, companies should never rely solely on a device’s security capabilities and their ability to prevent malicious system attacks.

While device password protection is undoubtedly beneficial to have, encryption of system data is a much more effective means of protecting it long term. There are a variety of different data encryption methods a company can deploy, whether user-enabled, network-driven, or based on containerization. All these methods create a failsafe if system security is bypassed and company data is exposed.

Remote connectivity through a Virtual Private Network (VPN) is another excellent way to cut off direct external access to the system. VPNs are a much safer solution than using typical Wi-Fi network access. Wi-Fi networks, although able to be secured, typically have much more traffic potential and are always open to outside access attempts. VPNs are like shields that encrypt data directly from your network. If devices are compromised, and company data is exposed, it will be virtually useless as the information stays heavily encrypted.

Make use of malware and antivirus protection

Mobile devices are now used more commonly than laptops and desktop computers and have essentially become high-performance, portable alternatives to larger machines that serve the same purpose. As the processing power of these smart devices has improved over the years, they now can actively run advanced malware and antivirus applications. Devices that utilize active security measures directly in their operating systems are considerably more likely to protect the company and the user from unauthorized access.

For companies that enforce malware and antivirus protection on personal work devices, it has become standard practice for the business to purchase these licenses directly for their employees. Buying the licensing directly allows the company to deploy, secure and integrate all devices onto a centralized network for active security monitoring. While employees can benefit from a premium device protection service for all of their personal information, companies can create whitelists and blacklists on specific third-party applications to reduce the chance of downloading viruses, malware, or phishing attempts designed to compromise business systems.

While BYOD policies offer benefits in the form of increased productivity, reduced IT costs and overall employee satisfaction, the security of your business should always be the most critical consideration. However, by implementing data encryption and mobile device security protocols and training employees on cybersecurity best practices for their personal devices, you can ensure you maintain a balanced approach to the convenience and security of your BYOD policy.


about the author

Mark Jennings

Mark Jennings is SymQuest’s Area Vice President of IT Sales. Jennings works with SymQuest’s sales and service teams to educate customers on current best practices around data protection, disaster recovery, security, and overall technology planning.
