Meeting the security risks of a bring your own device to work policy
Does your organisation allow BYOD? Then make sure you have a security strategy!
Businesses recognise that providing a better work-life balance can result in an overall boost in productivity, so remote working policies are becoming ever more popular.
With this comes a bring-your-own-device (BYOD) culture, in which businesses allow their employees to use their own smartphones, laptops and tablets rather than the ones provided by the business.
This puts business networks at risk from a security point of view. Companies that enable remote working environments and have a BYOD policy must formulate an effective strategy for mobile device management (MDM). The following elements should be considered when approaching MDM.
The purpose of an MDM strategy is to secure devices.
Set a clear objective
Organisations should begin by selecting which of the four main device categories each device falls into.
These categories are BYOD; choose your own device (CYOD); corporate-owned, personally enabled (COPE) devices; and single-use devices. Once the device categories have been defined, it is vital to set clear objectives on what the business needs to provide to guarantee that its data security is managed effectively.
A set of questions can be used to achieve this, including: Which types of devices are permitted? Which employees are authorised to access corporate data from their mobile devices? What level of business access should the enterprise provide from each device? What security policies should be imposed on each device? And finally, which apps should be provided?
The answers to these will help identify basic plans to allow enterprises to use mobile devices for company access.
Ensure Clear Communication
With an effective MDM strategy, the level of access, and what users will be able to access from their mobile devices, must be clearly communicated to end users.
All employees who are able to use their personal devices should be given a clear understanding of what data they can access and whether their personal data will be accessible to the company.
To avoid an influx of help-desk tickets when device changes happen, employees should be told what changes are occurring and the access restrictions they can expect on their devices.
Manage Data by Device
Identifying and securing data on mobile devices is the main purpose of MDM strategies. These devices carry three types of data, each of which must be managed in its own way: data at rest, data in transit and data in use.
When it comes to data at rest, it's very important to encrypt the mobile device. Restrictions should be placed on the transfer of unauthorised data, whether it's through Wi-Fi, Bluetooth or USB.
If the device is stolen, the sensitive data on it should be wiped.
Data in transit requires routing all network traffic through a common secure proxy or virtual private network (VPN) channel. Connections can be prohibited if there are suspicions that the available public networks are not secure enough for users to access data.
This way, organisations can ensure that devices only use secure Wi-Fi connections while avoiding public ones.
When it comes to data in use, certain applications should be blacklisted to avoid access to malicious websites. Limitations should be placed on data sharing between managed and unmanaged apps and other third-party applications.
Sensitive documents should also be managed, and sensitive data can be distributed to devices while ensuring that data is only accessible from a secure, managed app.
If, for example, devices have access to emails from Exchange Servers, enterprises should ensure that devices can only access the data using a managed application.
If the device is not managed, access to email from Exchange Server should be blocked automatically.
Investigating a solution that enables device management anywhere at any time can be made easier by applying an effective MDM strategy.
It should include the capability to scan devices remotely, install agents, and monitor for and install operating system updates as well as other software updates.
The solution should also have the capability to manage prohibited software and add or remove devices from the business network.
If these steps are followed and similar device management is applied, enterprises will benefit from a safe, secure and reliable MDM strategy that works around the clock and requires minimal input from the IT team.