Bring your own device (BYOD) policies continue to grow in popularity. Employees and employers alike are enjoying the flexibility of using their own devices for work, so much so that we’re starting to see the workplace itself evolve. While we’ve seen many benefits to these policies (productivity, cost savings), it’s important to note that creating a BYOD policy without security in mind may put company data at risk.
BYOD policies may mean an increased risk for employee error. For example, a recent survey found around 40 percent of respondents said they never change their passwords on devices except when prompted to do so. Forty percent also said they use the same passwords across multiple websites. Such poor employee password habits can leave the door wide open for criminals, as we demonstrated last year, when hackers were able to infiltrate our fictional small business, Jomoco, in less than an hour.
However, a thorough understanding of the strengths, preferences and limitations of the average employee can address these security gaps. Here are best practices and recommended tools to implement effective BYOD security measures for your company:
BYOD best practices:
- Develop a BYOD policy in partnership with IT, risk management, and legal counsel. Keep an open line of communication with IT so they can quickly communicate new and emerging threats of which employees should be aware of.
- Educate employees on BYOD security best practices regularly. It should never be assumed that your employees understand all the guidelines spelled out in your policy.
- Require your employees to create long, strong and unique passwords, and encourage employees to take advantage of two-factor authentication wherever possible.
- Require that employees password protect their mobile device if it hosts company information.
- Require your employees to update their software on devices when prompted. These updates typically address security vulnerabilities.
- Require that employees quickly report any lost or stolen devices. Swift response allows you to mitigate the risk of sensitive information falling into the wrong hands.
- Use a secure alternative to open Wi-Fi networks. Provide employees with access to a VPN or hotspot.
- Create and provide standard antivirus, anti-malware protection for all types of devices.
- Consider enlisting the support of a proactive monitoring service for your company. By proactively monitoring for employee credentials on the dark web, businesses can determine when an employee’s personal information may have been compromised.
As a closing thought, always keep in mind that threats are constantly evolving, so a good BYOD policy is never complete. Just like any business process, BYOD polices should be reviewed and updated on a regular basis.