BYOD – Bring Your Own Device
What is BYOD (Bring Your Own Device)?
BYOD has resulted in data breaches. For example, if an employee uses a smartphone to access the company network and then loses that phone, untrusted parties could retrieve any unsecured data on the phone. Another type of security breach occurs when an employee leaves the company, they do not have to give back the device, so company applications and other data may still be present on their device.
A key issue of BYOD which is often overlooked is BYOD’s phone number problem, which raises the question of the ownership of the phone number. The issue becomes apparent when employees in sales or other customer-facing roles leave the company and take their phone number with them. Customers calling the number will then potentially be calling competitors which can lead to loss of business for BYOD enterprises.
A challenging but important task for companies who utilize BYOD is to develop a policy that defines exactly what sensitive company information needs to be protected and which employees should have access to this information, and then to educate all employees on this policy.
BYOD security can be addressed by having IT provide detailed security requirements for each type of personal device that is used in the workplace and connected to the corporate network. For example, IT may require devices to be configured with passwords, prohibit specific types of applications from being installed on the device or require all data on the device to be encrypted. Other BYOD security policy initiatives may include limiting activities that employees are allowed to perform on these devices at work (e.g. email usage is limited to corporate email accounts only) and periodic IT audits to ensure the device is in compliance with the company’s BYOD security policy.
The embracement of BYOD is causing headaches for IT managers who find it difficult to manage the vast number of employees using their own mobile phones, tablets and laptops. There are many ways in which BYOD can become much less of a problem by way of securing the data initially and by using policies based per group or user to determine who has access to data and at what level.
Here are ways to overcome BYOD nightmares:
- Secure wireless
- Antivirus for MDM
- UTM firewall
- Data leakage prevention
- Network Access Control
- Two factor Authentication