Creating a more secure BYOD culture


In this bring-your-own-device (BYOD) world, security depends on more than infrastructure.

Everyone in your organization needs to make a conscious investment in the security of their devices and of the network as a whole. Here are some ideas for security leaders to promote a culture that keeps BYOD environments safe and productive.

Cultural coordination begins at the top

When dedicated information security teams earn buy-in from IT, finance, operations, and customer-facing groups, the organization is stronger and better prepared. But presenting a coordinated message is also key.

Employees quickly tune out contradictory and overlapping messages. So if different aspects of a BYOD policy are communicated in piecemeal or confusing fashion by a half-dozen voices, the message won’t hit home.

Work with your security stakeholders to develop a set of principles and policies that everyone can live with, and then speak to users with a single voice.

Stick with bottom-line examples

It’s safe to assume that most employees don’t have a detailed understanding of how a rogue device that doesn’t look like a computer or smartphone can be subverted into a network security risk. Explaining the threat with detailed block diagrams and a primer on packet-sniffing isn’t the best answer to this knowledge gap.

When BYOD privileges are being curtailed or limited beyond what your users expect, stick with simple, concrete, bottom-line explanations for restrictions and risks.

Think like an early adopter

BYOD policies seem slippery and ill-defined when security leaders allow the tail to wag the dog.

Instead of pivoting the policy every time a hot new device reaches critical mass among the workforce, think like an early adopter. Watch tech trends and invest some petty cash in seemingly implausible gadgets that just might catch on.

A chief information security officer may need to focus on compliance audits over staying current with emerging consumer tech, so make it a shared responsibility.

Everybody on the security team knows, if only on an informal basis, who is most likely to bring in the next challenge for the policy. Keep in touch with those people and invite them into the conversation.

Watch for user frustration

This step is particularly important for organizations that have a BYOD policy that extends to laptops and full-fledged computers. Users inadvertently create security headaches when they feel forced to find workarounds and exploits against restrictive policies intended to protect the organization.

If installing new software or accessing document shares is too onerous and employees feel that the policies actively keep them from doing their jobs, they will get frustrated, careless, and—worst of all—clever. Take the pulse of the people impacted by BYOD policies before they get desperate.

Offer alternatives, not just bans

If you are committed to keeping a class of devices off your internal network, consider a carrot-and-stick approach rather than an outright ban.

One example is creating an incentive for employees to use the mobile hotspot feature on their phones. This routes employee device traffic to the cellular network, and keeps it off your LAN.


Jason Compton, Writer

Jason Compton is an internationally published writer and reporter with extensive experience in enterprise technologies, including marketing, sales, service, and collaboration. All opinions are his own. AT&T has sponsored this blog post.