Let’s be honest: Bring Your Own Device (BYOD) is a major security headache for MSPs and IT departments.
This article goes back to basics, and presents five tips to help achieve the best possible level of BYOD security.
Be warned that reading this list may mean you identify some holes in your own BYOD practices – but surely it’s better to plug them before it’s too late?
A BYOD policy is never something that an IT department should develop without help and input from a company’s management team.
Some risks cannot be mitigated through technology alone. Any employee with access to sensitive data away from the office can use this maliciously if they so choose, and no level of investment in Mobile Device Management will change that. Management teams and HR departments must understand this, and appreciate that sometimes a signed non-disclosure or confidentiality agreement is just as important as an encrypted, centrally managed iPad.
The security risks of BYOD aren’t only about smartphones left on trains and stolen iPads. The apps people
use can create security risks too. Are staff free to drag confidential documents into their personal Dropbox accounts? Are some employees using “to do” list apps without appreciating that all the work they do should be help on company systems?
The more tech-savvy the workforce becomes, the more likely they are to start using software that may not form part of approved processes. Often this is done with no ill intent, but the security implications exist nonetheless.
As stated above, staff rarely create information security problems deliberately. On the contrary, they may feel they’re using their knowledge of third-party apps to benefit the business.
It’s best for IT departments to work with staff to inform and assist. It’s fair to say that it’s now rather unfashionable for IT departments to be draconian in their approach – they should instead work with staff to help them use all their new devices to do an effective job, while educating them to the fact that compliance requirements and regulations sometimes mean they can’t always have their own way!
MDM solutions now allow for a detailed level of lock-down and control on mobile devices across multiple platforms. Obviously decisions must first be made as to how much control IT may exert over employees personal possessions, but once there is clarity, MDM should be utilized to automate device control as far as possible.
At the time of writing, Microsoft are investing large sums in promoting Surface tablets, and it will only be a matter of time before Apple and Google next fight for center stage with new Nexus and iPad models. MSPs and IT staff alike must stay fully up to speed with these developments, as every new product announcement will, inevitably, be followed by a flood of new devices into the workplace.
The same constant awareness should also apply to new apps and mobile OS revisions. Luckily, as IT professionals are just as committed to their gadgets as the general public, this shouldn’t result in them needed to expend too much time and effort!
Listen to our April webinar, "Managing Mobiles for Money" to learn how you can increase your MSP revenue by adding new services!