Top 5 BYOD Policy Concerns and Best Practices

1. Top 5 BYOD Policy Concerns and Best Practices Organizations from varied industrial sector are embracing BYOD or at least contemplating to implement. They are aware of all the advantages and possibilities it brings not only to the employees but also to the overall IT management system. So, if you are ready to embrace BYOD in your culture, chances are you have evaluated the challenges and are now preparing to put in place a robust BYOD policy that will effectively protect your sensitive business information, keeping in mind employee’s interests. We list five policy concerns and best practices to follow while you get onboard with BYOD: 1. Asset Security For an organization, there is an array of assets that need protection – corporate data and applications, devices (both company and employee-owned), corporate network and staff who manage these assets. When your data and apps move around the organization or out of it, they become difficult to manage and protect, and adding personal devices magnifies the problem. Possible asset security issues that can arise are:

2. Data theft, leaks or exposure to unauthorized • parties due to connection to rogue open wi-fi or ad-hoc networks, device sharing or device theft Data and app compromise or loss due to malware • or device loss Best Practices To protect your assets, your BYOD policy should consider: · Deploying Mobile Device Management tools to monitor malevolent apps or programs, monitor device usage, and remote wipe the data in case of device loss · Block access to blacklisted sites or apps from the corporate network · Grant sensitive data access only through trusted networks or VPN · Clearly list acceptable use - specific data, systems network, and a specific time when the BYOD devices can access corporate assets · Installing firewalls on employee devices to block illegal packets, in case an employee device connects to an unsafe external network · Encrypting corporate data on employee device or moving outside corporate network boundary · Strong password policy to access the device

3. · Track where, when, and how these devices connect to a network 2. Employee Privacy While you install MDM tools for BYOD device management or use Unified Endpoint Management (UEM) systems to monitor and control BYOD device usage, it is vital to protect employee privacy too. Employees may be wary of registering their devices to the MDM platform or may feel their personal data is at risk. Best Practices To protect employees’ interests and ensure that their personal data is not jeopardized: · Clearly, state the amount of access (which covers maximum business needs) needed to the employee’s personal device · Receive and document employees’ signed consent for the employer to gain access, review, monitor, and collect legally accessible data from BYOD device · Inform about remote wiping of business data in case of device loss · Prepare them for contingencies like accidental access or deletion of personal data · Use Mobile Application Containerization to

4. separate sensitive information from the personal information 3. Data Backup Most smart devices these days have automatic cloud backup feature. Also, employees use a variety of cloud-based solutions to back up their personal data, which is a good practice. But problems may arise if business data is stored on a third-party cloud platform. Best Practices To protect your sensitive organization information from being stored on employee devices or cloud storage: · Monitor BYOD devices for any corporate data stored and wipe if required · Encrypt business information if it needs to be stored on a personal device · Block access to business data from a third-party application, thus avoiding data backup and this can be done using containerization · Provide a corporate cloud platform for employees to save organizational information

5. 4. Employee Exit It is a potentially critical situation when the employee exits the company. As employee devices are the primary work tools, once the employees’ exit, these tools also leave the organization with them. Best Practices Business should implement a practical plan to protect confidential data theft or loss, well in time before their exit. This plan could include: · Notifying IT team ahead of their exit so that they can remove them from the registered device list · Prevent access to systems and documents · Wipe corporate data from their device 5. Compliance The most important concern of devising a BYOD policy is ensuring compliance with the specifications. Employees may

6. falter in following the rules, skip some steps, or simply forget the policy, which can pose serious risks. Best Practices To ensure company-wide compliance with your BYOD policy: · Provide a BYOD Acceptable Use Policy that specifies how employees can use their own devices to access and process corporate data · Employee policy training which covers rules, protection mechanisms like passwords, two-factor authentication, avoid accessing open networks, blacklisted sites etc · Enter a signed contract or pact with them which clearly states the policy and repercussions in case of non-compliance · Allow only the registered BYOD devices to access company data or apps. · Conduct surprise audits · Apprise employees in case of updates in policy · Install security software like anti-virus, malware protection tools, endpoint monitoring agents on BYOD devices While accepting personal devices for work purpose cannot be

7. avoided, comprehensive, clear, and thorough BYOD policies must be put in place to protect your business. It should be accompanied by employee training on the benefits and risks of BYOD and ensuring that all employees follow the policy.