Most people could tell you what BYOB stands for – and the risks involved! However, BYOD is becoming increasingly common in the workplace and it does have the potential to bring risk to your company data. BYOD [Bring Your Own Device] is the term used to refer to employees using their own mobile devices- phone, tablets and laptops – for work. Employers benefit from the reduction in capital outlay but there is no such thing as a free lunch. Without careful consideration, cyber security risks could be introduced to your network.
BYOD is not for everyone – it can expose your system to risk, impact buying power and throws up questions about boundaries around employee privacy. If your company has decided at leadership level that the benefits outweigh the risks, then you need a robust BYOD policy to mitigate the threats it brings. Here are our tips for the key elements any BYOD policy should contain:
- Information classification – your company may already have a system in place for classifying data as public, internal, confidential, business critical . This will help you set parameters for your BYOD policy. You can then set BYOD requirements linked to those levels. It’s helpful to assess the individual roles within your company, with perhaps, differing requirements in place for users of high-risk information.
- Scope of acceptable devices and an acceptable use policy – employees should be clear about what devices they can use and for what reason. Your on-boarding and off-boarding process for staff should ensure devices are correctly configured.
- Device configuration – minimum standards for all users should include setting a passcode, activating screen lock to come on automatically, keeping software up to date and backing up documents. Automatic connection to open, unsecured wi-fi networks should be disabled. It is essential to configure devices to allow a remote wipe of data should it be lost or stolen.
- Incident Reporting – your team need to know who and were to report any incidents to, should a device be lost or stolen.
- IT security services such as anti-virus, malware protection, back up of data, patch management, firewalls, encryption rules, operating systems updates should all apply as normal. Your IT Administrator should have control over the device. Alternatively, your IT Support provider should be able to help with this.
As an IT Support provider, RedMosquito can help your company determine if BYOD is right for you. We can advise you on the IT Security risks it brings and ensure you have taken the right steps to reduce the risk to your company data. If you could like to have a chat with one of our Technical Consultants then contact us today.
RedMosquito provides IT Support and IT Security services to SMEs in Glasgow, Edinburgh and throughout Scotland.