If you are not yet familiar with BYOD, you may not be aware how much of your business’ information is not being protected. According to iScanonline, BYOD policies, or Bring Your Own Device, is one of the two current dominant technology trends, with the other being virtualization. Cisco’s IBSG 2012 Report states that 60% of employees now use a mobile device for work purposes, whether it’s to check emails, communicate, or work on the road. It no longer makes business sense for most businesses to prohibit personal device access to the internal business networks. But along with easier accessibility comes vulnerabilities.
If you have proprietary information as most businesses do, a BYOD policy is a must. Unlike other business property, personal devices are not typically tracked by the employer nor do they have security measures in place to prevent unauthorized accessibility. Consider a personal device with company information as a piece of your business walking around without your knowledge of its use or whereabouts. In addition, these devices become a threat to your business since they pose a risk and open your network up to an attack. Fortunately there are measures that can be put in place.
From an operational standpoint, you will want to develop a policy that sets clear guidelines on how a personal device can be used in the work environment. You may also want to address if use of a personal device for work purposes will be reimbursable or not. From a security standpoint, you will want to set forth technology requirements of how employees can use personal devices for work purposes and what you require from them to do so. Some examples are:
• Multi-Factor Authentication – MFA requires two out of three forms of authentication (something the user knows, has and is). By having the device (is) and requiring a PIN (knows) to access company information, you are adding an added level of security.
• Remote Monitoring and Management – With the employee’s consent, software can allow you to remotely access, wipe and track a device.
• Single Sign-on – Software that authenticates a user’s login information.
Allowing employees to use their own devices for business purposes can save the company money and help increase efficiencies as long as the correct security measures are in place creating a win-win situation for you and your employees.
Mythos Technology is an IT consulting and management firm. For more information, please visit www.mythostech.com or call (951) 813-2672.