The popularity of BYOD is growing. Employers realize there are great benefits to be gained from allowing end users to use their personal devices in the workplace. The thought of BYOD may send shivers down the spines of IT security professionals but, as long as Bring Your Own Device best practices are implemented and followed by BYOD participants, network security need not be placed at risk.
BYOD advantages and disadvantages
Employees now own a variety of devices, many of which are of a higher standard than the equipment supplied by their employers. They have laptop computers, home computers, tablets and Smartphones, and are used to the way their devices work. Coming to the office and experiencing a technological downgrade can be frustrating. It is therefore no surprise that most employees would prefer to bring their own equipment to work with them, rather than use employer-supplied devices.
Employees who are allowed to bring their own devices to work tend to be happier and more productive. They are used to the way their devices work, everything is easy to find, and they do not have to learn to use a different operating system. Their devices are usually powerful and fast, and tasks can be performed efficiently. Hardware is often upgraded regularly. Companies take an extraordinary amount of time to roll out operating systems following a new release, yet many employees upgrade quickly.
Employers do not have to upgrade their computer equipment or buy staff hundreds of Smartphones that will be out of date in a couple of years. Employees cover the cost of purchasing their equipment and the benefits are gained by employers. Employers may get benefits from adopting a BYOD scheme, but there are associated risks. There is no such thing as a free lunch! But do the advantages of BYOD outweigh the risks?
Disadvantages of BYOD
There are disadvantages of BYOD: network security issues, and the time that IT departments must invest to establish, monitor, and maintain BYOD schemes.
Not all personally owned devices will have the necessary security protections, and some may fall short of company requirements. IT departments will need to assess all devices and support a much wider range of equipment than they would normally need to. IT professionals do not have any say in the devices that employees buy, as they are bought for personal use, not for use at work.
Instead of 100 desktop computers to maintain, IT departments may need to accommodate 100 laptops, 100 Smartphones, and 100 tablets, in addition to all the desktops. All of those devices will need to connect to the network.
It is difficult to control what employees do and access on their devices outside of working hours. The risk that comes from those devices is therefore considerable. Malware and viruses could be accidentally downloaded, and detecting malicious software is complicated. Worse still, Android phones are now being increasingly targeted by cybercriminals.
So what can be done to make the devices more secure and how can risk be managed? The answer is to implement policies to control the use of personal devices, restrict the devices that can be used to connect to the network, and ensure Bring Your Own Device best practices are adopted and adhered to by staff members.
Bring Your Own Device Best Practices
Adopt these Bring Your Own Device best practices and you will find it much easier to keep your network secure and malware free. Fail to develop policies to cover BYOD, or fail to get staff to follow these Bring Your Own Device best practices, and the disadvantages of BYOD are likely to outweigh the advantages.
- Decide which devices you will support based on those that offer the necessary security controls
- Check each Smartphone before authorizing its use to make sure it has not been jailbroken
- Introduce policies to cover allowable uses of the devices
- Devise policies for user groups, with different rules, regulations, and privileges for each, as appropriate
- Develop policies to cover the use of Wi-Fi and ban or restrict use on open networks
- Restrict the apps that can be downloaded, and from where (only from the Google Play Store, for example)
- Segregate work data and personal data
- Use software that permits remote wiping of data
- Ensure controls are in place to allow devices to be locked remotely
- Install a secure text message package if sensitive data needs to be communicated
- Install an anti-spam and anti-malware solution
- Ensure anti-virus software is used and set to update automatically
- Train staff on data privacy and security best practices
- Speak to employees to find out how they use their devices to identify security risks
- Implement a software solution to monitor and manage BYOD – it will save time and money in the long run
- Develop a support policy – dictate what support will be provided
- Implement a policy to cover data when an employee leaves the company
Have you already adopted your own Bring Your Own Device best practices?
Are there any Bring Your Own Device best practices that your company has implemented that we have not listed? Do let us know!