Incorporating BYOD in your Computer Network Security Policy: 5 Questions to Ask Yourself
Late last year, we conducted a survey of subscribers of our quarterly newsletter – ASGInsights – on their use and adoption of BYOD in the workplace. A full 72 percent reported that their organization allows or encourages employees to use their personal devices in the workplace, and 60 percent said that as a result, there are stricter security protocols in place. Surprising?
A Network World/CIO article recently featured some Gartner research that predicted:
Three years from now, tablet computers will outsell traditional Windows PCs, and do so by a whopping 72%, according to the latest projections from Gartner. In between, PC shipments drop at ever faster rates. […]
Most users "will be satisfied with the experience they get from a tablet as their main computing device," according to Carolina Milanesi, a research vice president at Gartner. "As consumers shift their time away from their PC to tablets and smartphones, they will no longer see their PC as a device that they need to replace on a regular basis."
This trend mirrors the increase in BYOD at organizations in our subscriber base and beyond. Simply put, BYOD is gaining traction, and IT departments must incorporate it into their security policy or risk possible computer network security breaches and data loss. Late last month we posted a blog – 4 ½ Things to Consider for Enhancing Computer Network Security for BYOD – that recommended creating a company-specific BYOD security policy.
To get started, ask yourself these five questions:
- Which devices will be allowed? It might be wise to create a list of approved devices that meet your security requirements. You’ll want to make sure that approved devices haven’t been hacked or ‘modded’, which could expose your computer network to unnecessary security risk.
- What company data can be downloaded to the device? Remember, these are personal devices used for company work. Given the mobility of these devices and your lack of control in terms of out-of-office use, you’ll want to either restrict or at least encrypt all sensitive data.
- What apps will be allowed? More and more apps are making the news for privacy violations and other undisclosed device access. Apps are potential doorways through which information (and data) can be accessed. It might be wise to do some homework on the risks posed by some applications.
- Will password logins be required? Some people use the built-in PIN login features on their personal devices, but others do not. Access to the contents of stolen or lost devices can be either difficult or easy. Plan accordingly.
- What will your IT support cover and what will it not? If an employee has a technical issue with an employee-owned device, will IT troubleshoot and provide assistance? Decide and incorporate this into your written IT policy early on to avoid any misunderstandings.
There are other things to ask yourself, but these can help initiate BYOD security policies and other related discussions at your organization. Remember—embracing BYOD might be the best IT policy decision you can make.