7 Questions to Ask When Establishing a BYOD Policy
A couple of years ago, we conducted a survey on BYOD usage in the enterprise. Overall, we found that BYOD was boosting productivity, but most organizations didn’t have policies in place to support its use. According to a recent survey conducted by tyntec, not much has changed:
- 49 percent of those surveyed use a personal mobile phone for work-related tasks
- 95 percent use a personal mobile phone for business-related calls or texts
- 66 percent of businesses do not have a BYOD policy in place
- 56 percent of mobile phone users do not get reimbursed for their usage
Why the lack of corporate support for BYOD usage? Generally speaking, these devices are simple to use but hard to secure within the context of a corporate firewall. They also tend to get lost easily, and that can open a Pandora’s box of IT nightmares surrounding security breaches.
The key is establishing a written usage policy that effectively governs how the devices are used. Start with these seven questions:
- What’s your current digital footprint? You need to think like a hacker here. What visible and not-so-visible channels are currently exposed? Think about your employees, partners, and other stakeholders that may have access to your organization’s network.
- How secure are your employee devices? Depending on the size of your organization, this can be a daunting task but one well worth your investment. Check devices and make sure that they have the proper security protocols enabled, that passwords are secure, and that they’re set up correctly. Build a process into your plan for enabling new devices on the network.
- When was the last time you conducted a comprehensive scan of all ports, vectors, and protocols? Scan all network ports and identify the IT counterpart of open windows and unlocked doors. The most common malicious network scans probe a standard range of 300 ports, where the most common vulnerabilities are found. (However, you may have over 60,000 ports on your network that can be suspect.)
- How does your network interact with outside parties? As you think like a hacker, try to access your network from the outside and see what information your network requests.
- How secure is your internal network? We all know that many data breaches occur as inside jobs, so be sure to check how employees access the internal network.
- When was the last time you addressed your wireless networks, including Wi-Fi, Bluetooth, RFID, and any rogue devices? These are all potential entry points into your network.
- Have you considered company-wide employee education on BYOD threats? It’s one thing to write down a policy and yet another entirely to conduct hands-on employee education.
With the answers to these questions, you’ll be better armed to develop a written policy that can control BYOD. You can’t effectively stop BYOD within your organization—so you might as well support it and manage it.
Photo credit to Omar Jordan Fawahl.