A BYOD (bring your own device) program will significantly increase the risk of your business’s data being compromised, as well as your business falling victim to cyber crime. It will also increase the many types of hardware and operating systems connected to your network. Applying the same security measures to all these different systems will not be equally effective, making it difficult to implement basic security controls across all devices. Understanding the main risks and determining how you will reduce these risks is an important step in launching your BYOD program.
Employee owned devices increase the risk of not only data loss but also an increased rate of these devices themselves becoming damaged or stolen. If a cell phone or tablet feels like a personal device, your employees may be less likely to take security measures or take care of them physically. Personal cellphones and tablets are also often shared with children and family members, increasing the risk of loss or damage or deleting company-owned data. Employees may also not think twice before connecting to open and unsecured wi-fi networks in public places.
If a device falls in the wrong hands, not only can the data on the device be at risk but also the link to the corporate network, such as VPN connections, which may lead to further data loss.
Additionally, the many applications we access on our mobile devices increase the security risks of supporting BYOD devices. Installing applications infected with malware will compromise the mobile device and any data on it. These applications may seem legitimate but they have been modified to include malicious code. Malware can also be downloaded when a user views a compromised website, or when sharing files locally, Bluetooth, etc.
At the same time, applications deployed by your business (custom or commercial software) on mobile devices may contain security weaknesses.
To manage and secure your business data, we have the following security recommendations:
1. Use a Mobile Device Management Solution
Mobile Device Management (MDM) solutions are software programs that enable your IT administrator to manage the mobile devices in your BYOD program. Using an MDM, your IT administrator can enforce your BYOD policies while also managing the security of enrolled devices. Components of a Mobile Device Management system may include application management, identity management and enterprise file sync and share management.
2. Enforce Some Basic Security Policies Including:
- Full-device encryption - encrypts all the data on the device, so if it’s lost or stolen, the business data will not be accessible.
- Complex passwords – define a requirement for passwords. Passwords should be lengthy and contain alpha numeric characters.
- Failed login attempt actions - set and manage a policy to lock accounts after a set number of failed login attempts.
- Remote wiping - define policies about remotely wiping data if a device is lost or stolen.
3. Ensure that all mobile devices have Anti-Virus Installed
Use a mobile anti-virus programs to protect both company-issued and employee-owned devices.
4. Educate Users
Create a cultural awareness of cyber-security issues and safety, including the importance of keeping their devices updated.
5. Patch Mobile Devices and Update Applications
Put a system in place to consistently patch devices on the BYOD program.
6. Maintain a Security Checklist for Enrolling in the BYOD Program
Create a checklist and criteria of security upgrades that an employee-owned device needs to go through to enroll in the BYOD program.
Bring Your Own Device (BYOD) Guide
For Small Business Owners in California