Are you OK with BYOD? Should you be?
First it was personal laptops and home computers via VPN. Then came smartphones and tablets accessing business email. Now we have Microsoft Teams with confidential chats and business files on multiple personal devices. What does BYOD mean for your business and how do you deal with it?
It’s your decision!
There is no right or wrong answer here. Like many security challenges, it’s a balancing act between flexibility and ease of use on one hand, and security controls on the other. To make the right decision for your business, you need to understand the risks.
It’s all about your business data and ensuring only authorised people have access to it. That’s it!
We don’t need to explain the damage if data is accessed by the wrong people – ransomware, Notifiable Data Breaches, downtime, PR disasters, contractual breaches. The list goes on.
Do you know where your data is located and are you confident the personal device has enough security to protect it?
- Let’s start with smartphones and tablets.
BYOD phones and tablets are so common, we don’t really think of them as BYOD anymore. But there’s a lot of business data on them. At a minimum, business emails and contacts!
- Now add modern collaboration tools to the mix
Tools like Microsoft Teams are changing the way we collaborate in great ways. But suddenly, the volume of company data stored or accessed from mobiles and tablets has grown exponentially to include business files and chats. BYOD phones and tablets potentially have access to all of your business data!
- And then there’s personal and home computers
Even more data and complexity. Do your staff have adequate anti-virus protection? Is the computer password protected? Is it patched and secured? Who else at home uses the computer?
Remember – you have control!
Start with a policy
While your business may not own the device, you do have the right to control how staff access your company information. Be explicit with your staff about what they can and cannot do.
For Mobile Devices
You can enforce policies that require a password (or biometric lock) to use a phone or tablet for work purposes. Don’t allow staff to use any BYOD device without this security as a minimum.
Control what applications staff use. We recommend Outlook rather than the default mail app. Your policy should require staff to report lost or stolen devices straight away so you can quickly take the steps that will protect your data.
Personal and Home Computers
Computers are more complicated.
Use multi-factor authentication to require staff to verify their identity when logging into work systems. Set clear policies. For example, any data saved on a personal computer must be stored in OneDrive for Business that you own and control. Require staff to have up-to-date antivirus software and keep their computer patched.
In summary, it all boils down to a few key things:
- Have the right solutions in place for your business and your staff
- Put together a policy structure for staff to follow
- Make sure the policies are clear and easy to understand
- Make sure you have a proper implementation so that everyone knows what’s expected of them
Don’t let BYOD confound and scare you. Taking some time to understand and manage the risks will protect your business.
Authored by Daniel Kane
Senior Technology Manager