IT Insight: BYOD-Bring Your Own Device Precautions in the Workplace
Allowing employees to “Bring Your Own Device” (BYOD) to the workplace evolved significantly during the Covid-19 Pandemic, due to both chip shortages and equipment supply chain shortages. With more employees working from home and the inability to acquire company owned devices, the logical solution was for employees to use their own devices (smart phones, laptops, tablets, etc.) to access their business enterprise networks. Although these efforts provided terrific opportunity and solved immediate needs, BYOD allows for risks and challenges for business owners not prepared to roll out an effective BYOD IT Policy.
The growth of remote work and hybrid work arrangements, and the opening of corporate networks to vendors and contractors, has accelerated the need for BYOD policies especially with decreased control over an organization’s attack surface, managing a workplace with non-standardized IT inventory, and concerns over workers’ privacy.
Your business needs to consider restricting certain data to only devices where your IT team can exercise the maximum level of control. Priority should be given to a mobile device management (MDM) policy which should include security software installed on all personal devices. Companies may offer BYOD incentives like free antivirus software, password managers, or implement web filtering at the internet gateway rather than endpoint level for employees to buy into this program.
Your BYOD Policy should specify what device types are permissible and establish a strict security policy for all devices. Additional steps that staff may normally skip, such as locking device screens or requiring passwords because these features create additional steps that inconvenience them, will be followed when clear company policies exist.
With all businesses being vulnerable to cybercrime, breaking or stealing passwords is a key step in a high proportion of successful cyberattacks. To help protect against cybercrime, all users should utilize strong passwords for all IT systems and applications that are company-owned and or used in connection with company business and this should be identified in your BYOD policy.
Your BYOD Policy should clearly outline a service policy for BYOD devices, including what IT support is available for employees connecting to the company network, support for applications installed on personal devices, and support for resolving issues between personal applications and company applications.
You must clarify the ownership of apps and data, as well as the applications that are permitted or prohibited. It should also outline what the security requirements are for BYOD devices before users are granted access to the network and what data they will have access to.
What happens to the company data that may be stored on the employee’s device should an employee leave the company? Define clear policies that explain the procedures that must be followed when an employee separates, such as the wiping of the employee’s device by IT, and any other precautions that should be explained in detail.
Risks, liabilities, and disclaimers should be disclosed in your BYOD policy. This includes company liability for an employee’s personal data, should a device have to be wiped as a security precaution, as well as employee liability for the leakage of sensitive company data brought about by employee negligence or misuse.
Protect your business and sensitive company data. Your Managed Service Provider will help you to identify the need for and to what level you may establish a BYOD Policy. Call for your free network assessment today. PCGiT-Comprehensive Managed IT and Security Service, tailored to your business.
JoAnn Hodgdon is vice president and co-founder of Portsmouth Computer Group (PCGiT) with her husband David. PCG provides comprehensive managed IT services, business continuity, security, cloud computing and Virtual CIO services to their clients. You may reach her at joann@pcgit.com or at www.pcgit.com.
This article originally appeared on Portsmouth Herald: IT Insight: BYOD-Bring Your Own Device Precautions in the Workplace
