Multiple forums and security gurus have expressed concerned about the Bring Your Own Device phenomenon, but at the end the question is:
Is BYOD our friend, or our enemy?
The answer depends on the angle from which you approach the situation.
On one hand, we can say that BYOD increases employee connectivity and availability. It has become increasingly common to receive an e-mail or voicemail response from a sales or technical contact after usual business hours.
On the other hand, BYOD compromises security. Company information can be exploited or compromised by malware, or employees can lose their device.
Establish BYOD policies
Because of the risk that businesses are taking when choosing the BYOD approach, many companies have adopted a “BYOD policy”. This allows them to continue providing their task force the necessary access and connectivity, while reducing the risk of a security breach.
Some policies that should be included are:
- Restrict the access from some devices onto the private network
- List which applications are required and which applications are not permitted
- Create a separate office network where all external devices do not have connectivity to the company’s critical applications, such as accounting databases or production servers
- Educate the staff prior to purchasing a mobile device
- Restrict the access to harmful sites or downloads
- Conduct continuous vulnerability assessments
If a device with any company information on it is lost or stolen, there are a few actions that you can take to protect the security of your data:
- Notify your direct boss immediately in order to have your credential re-issued and avoid releasing any more information.
- Wipe out all the information and track your device. Some operating systems such as IOS (Apple) and Android have designed apps for this purpose.
- Change your personal passwords immediately. If someone gets access to your e-mail accounts, they can reset any of your passwords associated to your e-mail.
- If your device is under a plan with a mobile company, notify your provider to avoid extra charges.