
Security around the minefield of BYOD

Quick Definitions –

‘BYOD’ – ‘Bring Your Own Device’ is the practice of allowing employees to use their own computers, smartphones or other devices on, and connected to, the secure corporate network.

The Rise of the Mobile…

Can you believe that the first mobile phone was created over 40 years ago?! But when it comes to technology, 40 years is like going back to the days of Moses or the Roman Empire! A lot can happen in that time. The first mobile was created by Motorola, weighed an incredible 1.1 kg, and took 10 hours to charge for a 30-minute call.

So, when did it become OK to use your own device for work? This happened around 2010, when smartphones and tablet computers really took off: the workplace was suddenly flooded with them, and with employees who wanted to connect them to the corporate network. As you can imagine, this created a huge hole in the security of information, as identified in 2012, when the industry started to look at how we secure corporate networks from mobile devices. More recently we see that ‘BYOD’ really no longer exists, as it has morphed into a much broader spectrum of ‘BYOx’, where we are not just talking about phones and tablets but also wearables such as smart watches and fitness monitors.

How do we secure a BYO?

I think the first step in understanding how we can secure these devices is to understand and accept that they pose a risk to the Confidentiality, Integrity and Availability of your primary asset: your information. BYOs have been very hard to manage in previous years; it is essentially like having an opening into your house with no door on it. What is to stop anyone from walking in?

It is important to ensure you are aware of what BYOs exist within your environment and to develop a policy setting out best practice for using these devices.

What might your policy say?

In very simple terms, the policy should say whether use of BYO is permitted, say which devices are permitted, and lay out some guidance on how they can be used securely within your environment. Examples of guidelines it may be prudent to implement:

  • The device must be protected, as a minimum, with a complex password and auto-lock when left idle
  • Devices must be reviewed before they can access the network
  • Specify what security tools and encryption your business requires, and enforce security policy with your software where possible
  • Your company should have the ability to track, locate and remotely erase the device (if the functionality exists); devices may be remotely erased when lost or if a breach or threat is detected
  • Lost/stolen devices must be reported within a specified timeframe
  • No company information is to be stored on the device
  • It remains the responsibility of the device owner to maintain the device at all times and ensure it is in good working order

Once you have decided on your BYO policy in line with your business risk appetite, you should ensure all users understand the BYO policy and your Acceptable Use policy, and finally ensure you have a robust exit strategy to promptly disable access for leavers.

 

November 2017
