Bring your own devices are the new interconnected way of life as employees can use them to connect to work systems. Although there are many advantages such as increased productivity and flexibility, IT leaders are also aware of the threat they can present. Smartphones, laptops and tablets bring security vulnerabilities right into the workplace. Having a strong BYOD policy is essential for curbing potential problems as are management protocols that enable remote wiping or access removal. A solid BYOD protocol will allow for multiple devices, strong passwords, a plan of action if a device is stolen or lost. If you consider the benefits outweigh the risk there are several things to start you off on writing your BYOD policy:
Define: what is a BYOD as defined by you? What is acceptable and what is not and does your IT department have the capacity to support it?
Implement: create a list of security requirements for the BYOD including passwords that all employees must use even if the device is not brought into work again.
Decide: implement strong passwords that limit device access and educate employees on what they are.
Ownership: define who actually owns what data, this is important since work and personal tasks can intermingle. What happens to the personal date when a device is compromised is that wiped also. Place safeguards for personal data to be placed in the cloud so personal data is not lost.
Servicing: outline what services are available to support the devices if they break. Will there be a replacement if the device needs a fix?
Limits: propose limits on applications. Apps can pose a potential threat because they allow data transfer between devices. If they have a flaw this threat increase and creating an approved list of apps is wise.
AUP: align your Acceptable Use Policy (AUP) with BYOD.
Exit: think about employees that no longer work at your organization. Outline line what happens to data on their devices and place a clause in the BYOD policy to enable everything to be wiped off a device. Cloud storage has made it easier to prevent access to the company platform but do not aid the matter of already downloaded content.