BYOD policies that will keep your business secure

BYOD policies that will keep your business secure

Several years ago, a bring your own device policy (BYOD) may have seemed impractical to business leaders who balk at implementing such a seemingly complex setup. But times have changed.

Implementing a BYOD policy in your business can, in fact, bring about many positive changes. Based on a Cisco study, 69% of IT decision-makers favor BYOD because it increases productivity and employee satisfaction and lowers IT expenses.

But as more businesses adopt BYOD, safety concerns become more of an issue. Luckily, there are ways to minimize BYOD-related security threats.

Impose BYOD-specific rules on personal devices

Employees who prefer to use their own devices should be subject to the same security protocols as those who use only company-issued devices. Start by taking inventory of the devices they intend to use, including laptops, tablets, and mobile devices so your IT department can easily monitor all of them.

Your BYOD security policy should also impose the same password rules on personal devices. These should include creating long alphanumeric passwords, changing them regularly, using a company-approved password manager, and enabling multi-factor authentication, which adds another method of verifying user identity when logging in.

Create guidelines for connecting to public Wi-Fi

Although there are benefits to allowing your staff to work remotely, there are also risks. And one of the most common risks span from connecting to unsecured public Wi-Fi such as those found in airports and cafes.

Doing so puts your data at risk of getting intercepted and decrypted by hackers. This is done via ‘man in the middle attacks,’ which are particularly effective in poorly secured wireless networks. With that in mind, if employees must connect to a public Wi-Fi, they should only be allowed to do so if their devices have anti-malware security software installed on them.

Allow secure apps only

When you have a BYOD policy, some of your employees may install unsecure apps. Games and other non-business apps may seem innocuous, but their security vulnerabilities could put your entire network in danger.

Worse still, even legitimate apps can pose serious hacking threats to your company. So as a precautionary measure, you should limit or reduce the installation of non-productivity apps on devices used to access company files and programs. Otherwise, your IT staff will have more difficulty screening individual devices and inspecting apps for potential threats, which would mean more work for them.

Implement strict criteria for authorized devices

Managing multiple devices that run on different operating systems with specific security requirements and patches adds to your IT staff’s workload. Implementing a BYOD plan should simplify, not complicate work processes, so staff members who use high-risk devices like jailbroken tablets and smartphones should not be granted full access to company resources.

Plan for staff turnovers

Make sure you have a system in place that involves wiping out all business apps and files on all personal devices whenever an employee resigns. This should be done before the employee’s last day at work and made mandatory during the exit clearance process. For terminated staff, we recommend deploying a strategy that removes business files on personal devices, such as by remotely wiping them out.

Compensate employees’ data usage

Companies save money when employees use their own laptop and mobile devices to work. In some instances, they may have to spend on installing certain software and subsidize computer repairs, but these costs are small compared to setting up a new computer. To compensate employees who use their own devices for work, you could cover their spending on data, which can also encourage them to optimize BYOD capabilities and to avoid connecting to public Wi-Fi.

Dyrand’s IT consultants have helped Canada and US small- and medium-sized business maximize their technology resources, whether they prefer an in-house or remote work setup. Our IT support team can build the most suitable technology infrastructure for your organization. Call us today.


Nicholas Drayer

Nicholas Drayer

Managing Director