Effective IT Management

The Bring Your Own Device (BYOD) trend has transformed businesses and employees’ work styles. It’s become increasingly common for workers to bring their own smartphones, tablets, and other devices to use in the workplace. As useful as these personal technologies can be, however, they also bring potential security risks that are tough to avoid if you’re not prepared. To help companies maintain optimal network security, here are some reasons why you should be worried about BYOD and how to manage it effectively.

There’s a lot of concern in big corporations about employees using personal devices for work purposes. Security breaches, sensitive information being hacked or lost, breaches of privacy from an employee’s personal life spilling over into their work life. All these things should give you pause when considering whether your company should implement a bring your own device (BYOD) policy. In other words: be very careful! Before you do anything else, identify specific risks that your company might face if it introduces a BYOD policy. Next, explore ways to mitigate those risks with appropriate countermeasures. And finally, develop clear corporate policies about what is an acceptable use of corporate data on employees’ personal devices, as well as security responsibilities they must assume by using their own hardware for business purposes. The more thoughtfully you can approach BYOD policies at your organization—both before and after implementation—the safer everyone will be . . . including yourself!

Employees are worried that their company’s Bring Your Own Device (BYOD) policy is putting too much data on their personal devices. The concern? That they will be liable if something happens on those devices, like a lost laptop or even a home robbery. Another issue lies in losing track of company data; what happens if an employee leaves? What happens if they leave with some of your data?  Is it ever really truly secure? As more businesses offer BYOD policies for employees, more questions arise—questions you must have answers for. After all, there’s nothing worse than having no security measures in place just because your business doesn’t see what harm could come from allowing such freedoms. However, understanding these concerns and helping ease them is paramount for growing as a company. Here’s how: Explain your BYOD Policy: While it may seem obvious, many companies do not address their employees about what they can and cannot do with company information outside of work. Letting people know clearly that work emails can go through personal email accounts or explaining why documents should not be uploaded onto Dropbox, Google Drive or Sharepoint can prevent major issues down the road.

According to Webroot, 86% of mobile malware targets Android devices. That’s because Android is both hugely popular—accounting for about half of all mobile devices shipped—and has a very open architecture. Hackers exploit those characteristics by creating malicious apps that steal information from your device, use your identity in fraudulent transactions, or install malware on other people’s smartphones if you happen to share them with them. If you’re part of an organization that allows employees to bring their own devices (BYOD), make sure your IT department can detect and block these threats before they infect your network. If your company doesn’t allow employees to bring their own phones but there are still some around, make sure everyone understands how dangerous they can be; it should go without saying, but don’t download shady applications onto work-issued phones or tablets either. Also, avoid rooting or jailbreaking any such devices unless you know exactly what you’re doing; most malicious attacks against Android users come via third-party marketplaces—you wouldn’t visit a restaurant and buy food off its sidewalk menu, so don’t take security risks at home or in public. As far as internal risks go, check out any apps running on web servers to see if they contain malware strings when conducting penetration tests periodically.

Windows OS-based smartphones, tablets, and laptops require a much more hands-on approach. Once you’ve identified what needs to be managed, you can use a number of built-in management tools provided by Microsoft to ensure your devices are running smoothly and securely. Make sure that all Windows OS users have installed updated anti-virus software on their devices. In addition, it is important that corporate email communications remain secure from outside intruders. One way to achieve security is through encryption—which both protects data at rest (when stored) and data in transit (during transmission). Good encryption will render an intercepted message unreadable. Typically, stronger encryption requires more processing power; make sure your mobile devices are able to handle any encryption requirements placed upon them. Encryption is performed through a function called Data Encryption Standard (DES), developed by IBM and adopted as a federal standard in 1976. Today, most forms of data encryption used for securing wireless communication use Advanced Encryption Standard (AES)—also developed by IBM as part of its MARS project. To protect against unauthorized access to device resources, you must first create password policies.

In contrast, Apple’s iOS mobile operating system provides a much more limited set of controls. In fact, when it comes to security, iOS is incredibly secure by default. There are some settings that can be tweaked to further increase your level of protection. For example, turning on Find My iPhone will allow you to track a lost or stolen device from any web browser with an Internet connection. If you have multiple devices running iOS 7 in your organization, be sure each device has to Ask for passcode turned on. This will prevent unauthorized users from accessing data if they were to gain access to one of your devices without permission. Another setting worth enabling is Erase Data. When enabled, all data stored on an iOS device—including locally stored documents—will be erased after 10 failed attempts at entering the passcode. Combined with Find My iPhone, you’re pretty well protected against unauthorised access to your iOS device unless someone cracks both passwords. Other than these small tweaks there isn’t much else left to do regarding iOS security management.

Despite all of your best efforts, it’s possible that someone will steal your corporate data or your devices will be lost or stolen. To counter those risks, make sure you’re taking measures like encrypting files on hard drives and backing up critical data. Also, ensure you’re implementing policies (backed by legal documents) for employees to protect personal and business data on their mobile devices. Finally, make sure you are conducting regular security audits to uncover anything that may be missing. By staying proactive about managing these risks, you can reduce them while maintaining a happy workforce.  Don’t just use passwords: A password is simply not enough protection when it comes to accessing sensitive data on mobile devices. One strong option is installing applications onto company-owned tablets and smartphones that require users to log in with an ID number combined with biometric information such as fingerprints. If businesses want to go even further, they could install hardware-based encryption keys on individual devices so they can read what is stored locally without being able to access any files remotely. Make sure that networks are secure: Another important step companies should take is switching from public Wi-Fi networks—which have limited security features—to private ones with robust firewalls. They also need to avoid using Bluetooth connections since they aren’t encrypted. For added security, set up virtual private network technology that creates a sort of safety tunnel over common internet protocols; VPNs let workers connect securely wherever they might be (at home or travelling). Involve IT early: Companies shouldn’t rely solely on end users to implement effective BYOD strategies. Instead, bring IT in early in order to establish clear goals for creating mobility policies; don’t forget to include input from other departments like human resources and risk management.