Letting employees use their own personal devices – what could possibly go wrong? Plenty without the proper planning, actually. Many workplace environments in recent years have considered how to implement a structure of BYOD – Bring Your Own Device – so that employees are allowed to bring their own smartphones, tablets and other devices to work. Successfully done, the business may see a cost savings. Without the right security measures, however, you could be putting your company’s network at risk for attack.
Can a BYOD program work well in your company environment? Think about these crucial steps first before you dive right in.
Picture this: It’s the early afternoon and many of your employees have just come back from lunch. Just before they settle back into their tasks at hand, they go to their smartphone or tablet.
Suddenly, you’ve got a variety of devices that could connect to places you’re not prepared for them to go, from USB drives to wireless printers and more. Bob downloads a few unsupported apps, creating a security concern. Jill visits a website and doesn’t suspect that she’s about to introduce a type of malware into the environment. Ethan has sensitive data on his device, which he leaves out in the open on his desk, just waiting to be compromised.
Can you see the potential I.T. challenges surfacing here? Every employee could create serious security issues if there aren’t proactive steps taken.
What’s Your Policy On Mobile Security?
If your answer is, “We don’t have one,” that’s a good place to start. In our world, there are just too many ways for employees to use their personal devices, regardless of your company’s official stance on it. Completely preventing this usage from taking place isn’t realistic nor is it all that positive for the company culture to have such a firm hand.
What is feasible, however, is having a mobile security policy that communicates best practices and guidelines for employee-owned devices. This document should speak to how your company plans on protecting the infrastructure of the business and how such devices play a role in the security of that infrastructure. Having this first step in place can clarify many subsequent ones, including the type of tools and programs required to reinforce your mobile security policy.
Strengthening Authentic Verification
Just a username and password and they’re in. That’s it. If that sounds a little too easy, you’re right. That’s why two-layered authentication can often be a smart move for companies that deal with sensitive information. When this applies to you, make sure your employees accessing the system from a mobile device have to not only enter a special passcode but also be required to answer a question that only they would know.
Screen Locking and Password Masking
It happens all the time – an employee leaves their desk for an hour to take a meeting in a nearby conference room, with their device on their desk. The screen can be seen on the idle device, inviting those on-site and remotely to access company information they’re not authorized to see. Even a couple of minutes would be too long with so much at stake, wouldn’t it? That’s why it makes sense to implement screen locking any time the device is idle.
Along the same lines, how closely do your employees sit next to each other? Is it that difficult for one of them to see over another’s shoulder and view that employee’s password? Yes, we like to think of everyone on staff as ethical. But all it takes is one individual to steal a password and create major security problems. Head off this risk by masking password fields.
Have Security On Automatic
While everyone should do consistent software updates, it doesn’t mean they’re all actually going to. And that can lead to big problems. With a procedure that ensures security updates are being made automatically to your employees’ mobile devices, you minimize the chance that a crucial update is falling through the cracks.
Again, consider how many points of entry your employees may be inviting into the network through various email attachments, text messages and more. Installing anti-malware can keep viruses, spyware and other malware-based attacks at bay.
Looking To Transition Your Environment Into BYOD Or Another Structure?
Make Sure You’re Bringing The Best Together First.
Customized planning from ISG can definitely go a long way toward giving you the greater peace of mind you’re looking for. Our team can design, configure, develop and maintain a range of network security solutions that match your organization’s needs. Plus, we’ll bring full operational support to isolate and resolve problem areas if and when they occur. So you can expand and evolve your environment, assisted by the company that’s always bringing the best together to have your back.
To get started, let’s have a conversation at 630.858.8500.