CEOs Guide To Corporate Mobile Device Security
One of the major advantages of newer technologies is their ability to connect employees working remotely. Connections to colleagues, data and files help make doing business more productive, effective and accurate, no matter where employees and their teams are.
That’s why more companies are establishing bring-your-own-device (BYOD) policies. Such guidelines allow companies to save on the costs of providing employees with their own mobile devices or paying for their maintenance and replacement.
Adopting such policies requires companies to set clear guidelines for the use of such devices and what obligations employers and employees have.
What Are the Advantages to BYOD Policies?
Along with the cost reduction, there are several other advantages for companies that choose to use BYOD rules:
- Increased employee satisfaction. Employees who can bring their own devices are more satisfied in the workplace, don’t have to manage multiple devices and can use their own device for work-related tasks.
- More productivity. Employees with access to workplace apps on their own devices can respond faster to inquiries, gain needed information and address issues quickly.
- Flexibility. Make it easier for employees to work from home, remotely or while traveling with ready access to communication and apps that let them do their work effectively.
- Reduces uncertainty. For companies that pay for voice and data services for employee devices, switching to a BYOD policy saves not only on contract costs but also on data and voice overage charges.
“Employees who are willing to spend their own money to procure their own devices can be a boom for their bottom line. In some ways, this is a perfect arrangement. Employees get to use their chosen device, which can improve productivity and morale while saving companies money,” notes a recent article.
What Are the Primary Disadvantages to BYOD Policies?
The primary concern for many companies considering adopting a BYOD policy is security. Consider that for every device you add to your network, that’s one more device that has access to sensitive, proprietary or protected information. A company-owned device provides far more control of what websites are accessible, when devices are updated and how usage is monitored. Companies can control what anti-virus, anti-malware and anti-phishing tools are installed and how frequently they’re updated. Control means a greater understanding of what’s protected and how.
Another concern to BYOD workplaces is compatibility and support. Your employees are likely using multiple devices with multiple operating systems and capabilities. Your IT team will likely be responsible for some aspects of device management, including installation and updating of apps, security processes such as VPN and other protections, and ensuring security patches are applied. Having more devices in play means more expertise is required of your IT employees.
When employees leave, there need to be clear procedures and auditing rules about ensuring that all access to company files, apps and data is removed immediately.
Scalability is another concern. As the number of employees grows, with some of them using multiple personal devices, the staff demand for management and updating grows accordingly. Company network infrastructure also needs to be expansive enough to accommodate all the new devices.
For employees, the main concern is privacy. Employees may wonder how much of their personal activity and device usage is accessible to their employers.
Are There Other Options Besides Company-Provided and BYOD?
Some companies choose one of two alternative policies that reduce the risk:
- COPE. Corporate-Owned, Personally Enabled devices are those employees can use as their own but are purchased by and owned by the company. However, employee privacy concerns can make such an approach unpopular.
- CYOD. A choose-your-own-device approach requires employees to select from a limited number of devices for use with employer applications and access. While this helps minimize the amount of support required, it may require employees to spend more on new equipment.
How Can Employers Maintain Security with BYOD?
Clear and consistent policies are key to effective BYOD workplaces. Here are a few of the considerations you should use when implementing BYOD policies:
- Determine what operating systems and devices your company is willing to support
- Create device enrollment practices, requiring devices to be registered and authenticated before they are connected to your company network
- Require strong password or passphrase guidelines, including length, complexity, change frequency and failed-attempt blocking
- Create automatic lockouts on devices after a period of inactivity
- Require employees to immediately report lost or stolen equipment
- Mandate that personal devices can be disabled or wiped in the event of a loss or theft
- Install required anti-virus, anti-malware and anti-spam software on all BYOD smartphones, tablets and laptops
- Automate regular backups of company applications and data from personal devices
- Keep devices and applications up to date using automated patching and updating tools
- Encrypt all BYODs, ideally with full device encryption. If that’s not possible, require all sensitive data to be stored in encrypted folders on the devices
- Determine if BYOD users will be allowed to print, copy, save or email information pulled from your servers
- Require employees to sign an agreement stating they understand all the policies, procedures, regulations and consequences for noncompliance
- Detail the consequences of not adhering to company policies
When companies pay attention to the policies and guidelines necessary to ensure secure and proper use, BYOD policies can be an advantage to employers and employees alike.