With cloud technology becoming so popular, many small businesses are adopting a Bring Your Own Device (BYOD) policy, in which staff bring personal devices such as smartphones and tablets to work and use them to access company resources such as email, file servers, and databases. Many businesses are adopting BYOD without thinking about the risks to their data.
Companies can prepare for potential problems by drafting clear policies and thoughtful procedures to handle the influx of smartphones and tablets that employees now bring to the office.
Here are some considerations to think about when planning a BYOD policy for your network:
Specify What Devices Are Permitted
There are many device choices available, and it's often not cost-effective for your company to support every one of them. Make it clear to employees who are interested in BYOD which devices you do or don’t support.
Establish a Stringent Security Policy for all Devices
Users tend to resist having passwords or lock screens on their personal devices. They see them as a hurdle to convenient access to the content and functions of their device. However, this is not a valid reason: phones connected to your corporate systems have access to far too much sensitive information to allow unfettered swipe-and-go operation.
If your users want to use their devices with your systems, then they’ll have to accept a complex password attached to their devices at all times. You need a strong, lengthy alphanumeric password, too, not a simple 4-digit numerical PIN. Check with your administrator to see what device security policies you can reliably enforce with your software.
Make It Clear Who Owns What Apps and Data
Your company clearly has ownership over data stored on company servers, including the personal information on those servers that your employees access with their devices. It becomes more problematic when you consider remotely wiping a device that is lost or confirmed stolen. When you wipe the phone, traditionally all content on it is erased, including personal pictures, music and applications that in many cases the individual, and not the company, has paid for. Sometimes it’s not possible to replace this data, particularly if there is no backup of the device. Does your BYOD policy make it clear that you need the right to wipe devices brought onto the network under your plan? If so, do you provide guidance on how employees can secure their own content and back it up so they can restore personal information once the phone or device is replaced?
What can or can’t the device be used for in work time
This needs to be thought about carefully. You do not want staff constantly checking Facebook or text messaging friends while they are supposed to be working.
Set Up an Employee Exit Strategy
Don’t forget about what will happen when employees with devices on your BYOD platform leave the company. How do you enforce the removal of access credentials, e-mail access, data and other proprietary applications and information?
It’s not as simple as having the employee return the corporate-issued phone. In this case, many companies choose to rely on disabling email or synchronisation access as part of the exit interview and HR checklists, while more security-conscious companies choose to perform a wipe of the BYOD-enabled device as a mandatory exit strategy. You should have a clear method for backing up the user’s personal photos and personally purchased applications prior to this “exit wipe”. Proactively reach out to affected users to help them take part in this process, all while making it clear that you reserve the right to issue a wipe command if the employee hasn’t made alternate arrangements with you prior to his or her exit time.