EXPERT OF THE MONTH: BEAU MONDAY, INFORMATION SECURITY DIRECTOR, HAWAIIAN TELCOM, WWW.HAWAIIANTEL.COM
Most of my employees access their work files from home or using their personal mobile devices. What should I do to ensure our company network is not compromised?
BYOD refers to “Bring Your Own Device,” or the practice of employees using their own mobile devices for work. While this has become commonplace in many companies, it can introduce new security risks. However, there are several guidelines businesses can implement to protect the company network.
Develop a company-wide BYOD policy that defines what data an employee-owned mobile device can access. Outline the employee’s responsibility to keep personal devices secure and make sure the company regularly runs security software on those devices so that everything is up to date and protected. Employers should also be clear that they have the right to remotely remove all company-related information and data from the device if it is stolen or an employee is terminated. Some employers address this by asking employees to sign a release acknowledging that they understand the company may “scrub” the device if a situation arises that could compromise the company network.
Educate employees on mobile device threats and how to leverage security software. Provide information on how to use screen locks and create strong passwords to prevent a security breach. Send out notices on the latest scams and threats so employees are aware of the dangers.
Standardize on a handful of devices. Employers have little control over the devices employees own, but they can point them to approved devices or provide a small stipend to encourage employees who are using older devices to upgrade to those with more security features and newer operating systems.
Implement a mobile-device management (MDM) solution. There are many affordable MDM options that allow employers to enroll employees’ devices into a program that requires them to set up precautions, such as an unlock screen. More advanced suites can do a granular device wipe, targeting company-sensitive data while leaving the employee’s personal photos and contacts intact. With some suites, companies can even detect if a device has been “jailbroken” and prevent it from connecting to the network.