Data breaches and leakages caused by human error are a growing security concern as BYOD increases. Lost or stolen smartphones, tablets, and laptops are in particular a major security challenge.
The good news is that we are also seeing new technologies and techniques to help secure organizational data. For example, role-based access controls help keep an attacker from completely taking over a system by leveraging one set of hacked user credentials. As complicated as user names and passwords have become, we also suspect that the use of much stronger authentication tools, like two-factor verification, will increase in the years to come.
However, the secret sauce is to manage your people as well as your technology. Full BYOD best practices are needed. We recommend:
- Make a policy and stick to it - Write an official company policy that spells out exactly what you expect employees to do—and not to do—on and with their mobile devices. Don’t make exceptions, not even for yourself or for top executives. You must set the example or everyone will ignore the policy. Plus the likelihood of a senior manager having the most sensitive data on their devices is much higher.
- Disconnect employees immediately when they leave - Be sure you have the means to disconnect and wipe company data from personal devices when an employee leaves the company—voluntarily or otherwise.
- Everybody doesn’t need access to everything - Tier your data access rights by role. Modern mobile device management tools make this fairly easy.
- Ensure Proper Mobile Device Management Applications are used - They give you the ability to control wireless access to apps, data and even specific device capabilities under specific circumstances, for both company-owned and BYOD devices. The ability to locate, lock or wipe company apps and data from lost or stolen devices is a key capability for keeping sensitive client and company data secure.
- Trust the Cloud - Trusting the cloud is a scary idea for many small & medium businesses. However, cloud-based services are easy to adopt, require no big software installs or hardware investments, and are a growing favorite of SMBs.
- Get back to Basics - Deploy antivirus and anti-malware solutions across all mobile devices. Standardize on one product suite, then automate the update process. Do not rely on your staff to keep security software updated.
- Leverage built-in free security controls on devices - All modern mobile devices have some built-in security controls. These features include lock screens, the capability to wipe the device after a number of failed authentication attempts, etc.
- Protect your data, not your devices - Opt for solutions that focus on data access controls. Also, prevent data from being stored on mobile devices. Cloud-based storage solutions have many ways to do this.
- IT resource constraints - Small and medium businesses may need IT management to focus on mobile devices. Tools are invaluable, but management is almost always the weak link in the BYOD security chain.
- Communication & Education - Have an open and ongoing dialog with your staff on the applications they use, need and want. Also ensure proper training is delivered on all of the above recommendations.