Bring Your Own Device (BYOD) Policies | What to Consider

Posted on: 11th January 2018

 


Lots of companies encourage bringing your own device to work (BYOD) and there are some definite advantages to businesses doing this. For example, the cost of buying equipment is significantly reduced. Breakages and wastage are also likely to be reduced by the fact that people tend to take better care of their own equipment than company-owned devices.

Additionally, people are familiar with their own devices and understand how to use them to the best of their ability. A lifelong Windows user, for example, may struggle with switching to the controls and different operating system used by the Apple Mac.

Finally, the flexibility BYOD offers is a huge advantage. But along with advantages, there are of course disadvantages to adopting this way of working, one of the main downsides being security. For this reason, a stringent BYOD policy needs to be in place if you want to keep your business as secure as possible.

Even though many companies don’t work purely on a BYOD basis, there are still many office settings where, despite staff having office PCs, other employees (in a sales department, for example) bring in personal tablets or mobile phones, which means a BYOD policy becomes necessary.

What counts as your own device?

First of all, it is important to understand what counts as a personal device, and what the policy must cover. Devices aren’t restricted to laptops, but include anything electronic that is connected to the company network. This could be tablets, phones, Kindles and PCs.

What kind of things should you be considering?

A proper document concerning the BYOD policy should be created and distributed amongst staff so that everyone knows what is required of them and how they must comply with the policy. Here are a few tips (although this is not an exhaustive list) on important factors to consider. See also the information suggested by the Information Commissioner’s Office (ICO).

  1. Passwords

Some users may prefer not to have passwords or touch ID enabled on their personal devices as they see them as inconvenient when trying to access the functions of their device.

However, if an employee wants to bring in their own device and connect it to your systems, then they’ll have to accept a complex password attached to their devices at all times. This should be a strong, lengthy alphanumeric password too, and not a simple 4-digit PIN.

Another factor to consider is how often the user should be changing their password. For example, will mandatory monthly password changes be put in place?

  2. Apps

Are employees granted free rein when it comes to downloading apps on their device? Employees should be explicitly told what apps are permitted, as well as those that have been blacklisted. Don’t forget to update this list frequently to stay current with changing technologies.

 For example, what if the latest Twitter app has a security hole in its integration with the Mail app on the iPhone that allows spammers to access mail through your organization? What regulations (government, industry, or otherwise) must be adhered to when using employee devices?

 Many free applications have been found to track users and share user information with advertisers or other third parties. Enterprise users should review app permissions prior to downloading and download only from trusted publishers.

  3. Security Updates

 Different operating systems may have different security features or vulnerabilities and the organisation must ensure that staff always have the latest software update installed. This ensures that any security flaws are patched over.

Additionally, all users should periodically back up the data on their devices. Backing up data in conjunction with having security and recovery procedures in place will greatly reduce the damage should a device get lost or stolen.

  4. Staff leaving

 Upon staff leaving the business, it is important to define how you will enforce the removal of access to email, tokens, data, applications, and other organization information.

You may choose to perform a wipe of the device as a compulsory exit strategy. You should have a clear method for backing up the user’s personal photos and personally-purchased applications prior to this exit wipe.

Phone numbers can be valuable currency. As a sales person or a customer service provider, your phone number is a strong link between the organization and its customers, but the same number can also be important in a person’s private life. Does the employee give clients their personal mobile number but also use that number for their GP?

This raises the question of who owns the number when someone leaves the company. There should be a clear stance on this from the beginning.

Once you have your BYOD policy in place, you should perform routine checks to determine how the policy is working and what may require changes or updates.

We hope that these tips have helped you. We understand there is a lot more to creating BYOD policies than this, but tips like these are useful to consider.

We can help your business create a thorough and detailed BYOD policy that takes into account numerous factors and considerations, and help your business stay safe and secure. Give us a ring on (0115) 8 24 25 26 to speak to one of our Account Managers, or drop an email to sales@pyranet.co.uk.

Pyranet Team