5 Elements of a Good BYOD Enterprise Program
Small- and medium-sized businesses can take advantage of BYOD – safely
The corporate workforce is changing: Employees used to stay chained to their cubicles, plugging away on company-issued PCs. Today, remote workers perform the same tasks on their own high-tech tablet or laptop while soaking up the atmosphere at their local coffee shop.
Employees are increasingly using their own devices as the mobile workforce grows in importance. A Computing Technology Industry Association study found that 84 percent of professionals surveyed use their smartphones for work, but only 22 percent of their companies had a formal mobility policy. The upshot of this mobile shift is that corporate networks will be increasingly vulnerable, unless these devices are reined in with a BYOD enterprise program.
If your company lacks a mobility policy, consider incorporating the following five elements into your BYOD program to save time and money.
1. Include clear, written rules
Eliminating risky end user behavior through clear BYOD policies saves IT expenses right off the bat. Some of the most salient points to cover in writing include:
- Prohibited devices, such as jailbroken phones
- Blacklisted applications
- Procedures for lost or stolen devices, including the possibility of wiping out all data on a device
- Privacy disclosures, such as what personal information the enterprise has access to on a device
Some of these issues, like whether the company can legally wipe out data on a device they do not own, should be cleared with your human resources and legal departments to minimize the risk of lawsuits.
2. Make sure it’s formally presented
It is not enough to have employees sign off that they have read the policies – formal classroom or online training is recommended to ensure comprehension and compliance – especially for less tech-savvy workers who might not understand that seemingly innocent actions can expose the company to risks.
3. Ensure that it’s scalable and flexible
Make sure your security software can be painlessly installed on new devices. Cloud-based services do this particularly well and are typically available on a per-user subscription model, which saves money by protecting only what is needed at any given time.
Also, consider exceptions to rules, such as allowing peer-to-peer networking programs for certain users who might benefit from these tools. Otherwise, employees may risk bypassing your security protocols in order to use forbidden applications.
4. Secure against the greatest number of threats possible
Risky behavior such as opening email attachments from strangers or visiting dubious sites on BYOD devices should be addressed in the written policies and further safeguarded via antivirus software.
There are other exploits to be aware of, which might not be as obvious, such as fake antivirus scanners that users might innocently install, and social engineering (or phishing) threats. A good endpoint protection program will keep employees up-to-date on these lesser-known attack vectors and continually inform them on how to best protect their devices. This does not require much expense but does involve staying abreast of threats and implementing a solid communication plan.
5. Allow for remote monitoring and control
You have to have a degree of oversight over which BYOD devices are accessing your corporate systems. This is where a third-party mobile device management tool (MDM) can pay valuable dividends. MDM services provide benefits such as malware blocking, policy enforcement, logging, encryption and remote wiping, all from a single, centralized platform.
In summary, leveraging the benefits of BYOD while minimizing potential pitfalls is a tightrope act, but the BYOD trend can’t be ignored. Each business must strive to develop a program to protect its systems and data from breaches, while allowing workers the freedom and convenience they seek.
BYOD is not going away… is your company ready?
By Willie Pena