One of the biggest challenges for many Canadian businesses today is keeping their employees connected while they’re on the road and that means giving them access to the data and tools they need, while also keeping it secure.
The BYOD (bring your own device) trend has certainly helped enable mobility but it has also been a source of constant frustration for both decision makers and IT as they grapple with complex security policies and an ever-changing and increasingly volatile threat landscape.
Thankfully, tackling BYOD security and policies doesn’t need to be complicated but there are a few key best practices that every company, large or small, should follow to make sure their program is a success.
-
Establish clear and practical policies
Here’s a frightening statistic, Dell reports that about half of the companies that allow BYOD have experienced a breach of confidential data, but 30% of employees say their organization has no explicit BYOD guidelines. Making sure your company has policies in place around BYOD is critical to keeping breaches low.
But there’s no point in creating policies if they’re simply going to be ignored. When developing BYOD policies, make them practical and understandable. For example, if you’re worried about specific apps or services, give your employees a secure alternative. Another good practice is to keep the technical terms sparse and write in language everyone will understand. When possible, giving an explanation for specific policies can help tremendously with adoption: if users know why they shouldn’t store personal data on corporate services, they’re more likely to follow the rules.
-
Set up passcodes
Don’t overlook the small details. Often users are not even equipping their devices with basic password protection. A recent survey showed that only approximately 30% of users deploy just a swipe screen or no security at all – not even a PIN. Every device should have a PIN, passcode or other lockout mechanism activated so that sensitive material can’t be viewed or accessed by unauthorized users.
-
Classify your data
Not all data is equal. Some of it might be highly classified material, like financial reports that need to be kept secret until released, but other information could be highly sharable, like sales and marketing collateral. Data that can be shared and accessed around the network should be made available to employees that need it on the go. Create a system to classify your data and make sure the appropriate action is taken.
-
When possible, don’t leave data on the device
Today, the abundance of fast cellular data and Wi-Fi connections means data doesn’t have to be stored on your employee’s devices. Using some cloud-based systems means users can access information on the go without having to worry about the data remaining on their device. It also has the added benefit of being able to cut down on your IT policies because users won’t be worried about sensitive corporate data on their devices.
-
Educate your employees
Similar to the first point, it doesn’t matter if your company has 10,000 employees or 10, advising users on safe mobile practices is the easiest way to keep a basic level of security going. When training your employees on BYOD best practices, don’t just send an email full of policies, jargon and IT-speak, instead host a BYOD information session and present real-world scenarios and how to respond. During the session make sure to give users a chance to voice their concerns and ask any questions.
How are you securing your BYOD project? Let us know in the comments below.