BYOD Security: Expert Tips on Policy, Mitigating Risks, & Preventing a Breach

by Nate Lord, Digital Guardian, June 3, 2015

Despite all of the security risks BYOD poses to an IT environment, the trend of businesses embracing bring your own device in the workplace continues to grow at a rapid pace.

Some of the main reasons companies today are so accepting of BYOD in the workplace relate to employee satisfaction and increased productivity: employees who are permitted to use their own devices in the office are generally more satisfied, and some 43% of employees connect to their email on their smartphones in order to get ahead and ease their workload.

Since BYOD seems to be quickly becoming the new standard in workplace technology rather than an exception, we wanted to find out how companies that are already investing in a BYOD workplace, or are planning to do so in the near future, are keeping their data secure. To do this, we asked 30 data security experts to answer this question:

“How can companies keep data secure in a BYOD environment?”

Paul Hill @SyExperts

Paul Hill is a Senior Consultant at SystemExperts, an IT compliance and security consultancy, and works to provide clients with both strategic and practical guidance to build effective security organizations.

To have a successful BYOD program, companies must…

Maintain the security of their systems and the confidentiality of data. The four most basic BYOD technical controls that a company must implement are:

  • The company must know what devices are being used legitimately, so each device should be registered and authorized.
  • A PIN or pass phrase must be used to access the device.
  • The ability to remotely lock and wipe the device must be enabled.
  • Employees must report lost or stolen devices in a timely manner so that they can be locked and wiped.

Additionally, a successful BYOD program should include policies and training to protect both the company and the employee:

  • Do have policies that require employees to waive all liabilities in the event that the company remotely locks or wipes a device.
  • Do have relevant acceptable use policies that also describe what is prohibited, such as using jailbroken devices.
  • Do provide security awareness training about the risks associated with mobile devices and the importance of timely reporting of lost or stolen devices.
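
The controls listed above can be checked mechanically against a device inventory. The following is an added example, not part of Paul Hill's answer or any Digital Guardian tooling; the record fields, device IDs and decision names are assumptions made for illustration. It shows how the controls depend on each other: a device reported lost can only be contained if remote wipe was enabled beforehand.

```python
from dataclasses import dataclass

# Field names are assumptions for this example, not any MDM product's schema.
@dataclass
class Device:
    device_id: str
    owner: str
    registered: bool           # control 1: registered and authorized
    passcode_set: bool         # control 2: PIN or pass phrase required
    remote_wipe_enabled: bool  # control 3: remote lock and wipe enabled
    reported_lost: bool        # control 4: owner reported loss or theft
    jailbroken: bool           # prohibited by the acceptable use policy

def evaluate(device: Device) -> tuple[str, list[str]]:
    """Return (decision, reasons); decision is 'allow', 'block' or 'lock_and_wipe'."""
    reasons = []
    if not device.registered:
        reasons.append("not registered/authorized")
    if not device.passcode_set:
        reasons.append("no PIN or pass phrase")
    if not device.remote_wipe_enabled:
        reasons.append("remote lock/wipe not enabled")
    if device.jailbroken:
        reasons.append("jailbroken device")
    if device.reported_lost:
        # A lost device can only be contained if control 3 was in place beforehand.
        if device.remote_wipe_enabled:
            return "lock_and_wipe", ["reported lost or stolen"] + reasons
        reasons.insert(0, "reported lost but cannot be wiped remotely")
        return "block", reasons
    return ("block", reasons) if reasons else ("allow", reasons)

# Constructed sample inventory.
INVENTORY = [
    Device("dev-001", "alice", True, True, True, False, False),
    Device("dev-002", "bob", True, False, True, False, True),
    Device("dev-003", "carol", True, True, True, True, False),
    Device("dev-004", "dave", True, True, False, True, False),
    Device("dev-005", "erin", False, True, True, False, False),
]

def audit(inventory):
    """Map device_id -> (decision, reasons) for every device in the inventory."""
    return {d.device_id: evaluate(d) for d in inventory}

if __name__ == "__main__":
    for dev_id, (decision, reasons) in audit(INVENTORY).items():
        print(f"{dev_id}: {decision:13} {'; '.join(reasons) or 'all controls met'}")
```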

To see what all the experts have to say, go to Digital Guardian.