In a recent post, I discussed how mobile malware is on the rise. This trend is certainly concerning, and it has important implications for how businesses big and small handle employees bringing their own devices (BYOD) to the office. Employees enjoy the convenience of bringing their own mobile devices to work, and employers enjoy the cost savings. In many instances, BYOD can even improve efficiency and job satisfaction.

Keeping BYOD Safe

Between BYOD policies at the office and cloud services managing data and services, many businesses are getting away with smaller or non-existent IT departments. Just because the tech has been outsourced and employees are being trusted with their own devices doesn’t mean all of these devices are safe. Here are a few things that all businesses can do to ensure they’ve taken adequate precautions, and that their data, secrets, and networks stay safe, by having a BYOD policy in place.

1. Have an actual written policy

What are employees allowed to do with the smartphones, tablets, and laptops they bring to the office or connect to the network? What corporate data are they allowed to store on their personal devices? What will happen to the employee’s device if it is infected with malware? The best way to ensure the security of your network is to take the time to develop and introduce guidelines to employees before rolling out a BYOD policy. When possible, get a small group of your employees involved in developing your policy. Some things to cover: What levels of support will you provide for personal devices? What happens if a device is lost? Will your employees receive loaner devices if their smartphone or tablet is being serviced? By answering these questions ahead of time, you’ll save yourself (and your business!) headaches down the line.

2. The dreaded lock code

When an employee loses his or her personal phone, that’s definitely a headache. But when that phone is a work device that can access the corporate network or contains unsecured data, that’s a much bigger problem. One simple policy can limit the damage when phones are lost or stolen: the lock code. A simple 4-digit PIN-style lock code won’t do, though. An alphanumeric lock code should be used for maximum security. I explain this in more depth in a TODAY show segment about cell phone hacking. Many people resist putting lock codes on their smartphones and tablets because it means more work when they turn them on. So while lock codes definitely need to be a part of the rules for your organization and included in the policies I mentioned earlier, you’re also going to need to…

3. Educate your employees

If you’ve decided to enforce policies around which apps employees can install and what email client they should use, or to mandate the use of VPNs or other technology, an educational component is necessary. Beyond just giving the employees the rules, you will want to make sure that everyone has been educated on exactly why these policies are in place and what they mean. With the vast majority of malware coming from fake apps and alternate app stores, it’s crucial that employees understand the risks. The more restrictive your policies are, the more education is necessary. After all, while these devices may spend 9 hours in the office every day, they spend the other 15 hours in the employee’s control. That’s why it’s so important that they understand why policies are in place and internalize the rules you’ve set out.

4. Have an exit strategy

When an employee leaves your company, they’re going to expect to take personal data from their devices with them. But what happens to the corporate data on their phones and their access to key services inside your organization? If an employee’s device is infected by malware after they leave, it could have lasting security implications for your business. To protect against this, devices are often wiped clean and restored to factory settings. But with BYOD, a smartphone may include data that is extremely valuable to the employee, like personal photos and documents. That’s why it’s important to have provisions to back up and restore this personal data first. Specifics on this should be part of the policy you create. Be sure to define whether personal data is the responsibility of employees, or if backing up and restoring personal data on devices is something your company handles. Either way, before the first employee exits, this situation is something you need to be ready for!

Cost savings and employee morale are great reasons to implement BYOD policies, but that means big security implications for your business. If you have any questions, be sure to leave them in the comments below and I’ll get back to you!

 

Mario Armstrong, Digital Lifestyle Expert, is an Emmy Award-winning tech commentator for the TODAY show, CNN, HLN and Fuse. An entrepreneur by nature, Mario made his passion his career by quitting his day job and founding Mario Armstrong Media. Follow Mario at @MarioArmstrong. AT&T has sponsored this blog post.