Ready to deploy a BYOD environment? Your users will love it, execs will love the cost savings, and IT will be glad that they are no longer responsible for all the tech support. Now they can conveniently send most of the user questions on mobile devices to their own device manufacturers and cell service providers. Unfortunately, there are a few risks that you take on in lieu of the problems you’re solving with BYOD. Here are the security risks you need to address as you roll out your BYOD policy.
1. The Uneducated User
The first thing to take care of is educating your user base on what mobile threats are out there, how to identify them, and how to avoid them. Users need to know about risks associated with third-party apps, device settings, Wi-Fi hotspots, and other mobile issues. Most users allow threats for one of two reasons: either they don’t know, or they are being careless. You can address the first with good training and address the second with a strict BYOD policy.
2. The Unsafe Apps
Your IT department will need to decide what apps will be allowed for work and whether the app actually accesses your network or not. For instance, you might determine that it’s against compliance regulations to store customer data in Google Docs, but that it’s okay for users to install Google Docs on their work devices, since Google is a reputable developer of high-quality products. However, you may decide to ban the downloading and installation apps like games created by unknown developers or known developers of malicious apps, even if those apps aren’t being used to do actual work.
3. The Allowable Devices
The lion’s share of today’s mobile devices are Android and Apple products (primarily iPhone and iPad). The third most common devices are BlackBerry, followed by Windows Phone. While all of these platforms offer reasonably secure operating systems and solid performance, it might be advisable to allow only Android and Apple, just so that your developers don’t have to write code for and maintain code for every single platform. Likely, very few of your workers plan to use BlackBerry or Windows Phones, but eliminating coding for these devices could save thousands in development costs and shave weeks or months off your mobile development time.
4. The Lost & Stolen Devices
Sometimes, devices go to the client’s office or out to eat, and never come home again. It’s sad, but true. IT needs a way to wipe and/or lock down these devices so that authentication codes can’t be used and data can’t be stolen when a phone or tablet goes AWOL. Some technologies allow IT to lock the phone down, which gives the user time to find the phone before it’s wiped completely. If a total wipe is the way to go, the user will need to understand that personal data, as well as corporate data, will be wiped. In other words, they need to be backing up the photos of their kids’ birthdays and the emails about Aunt Martha’s funeral arrangements, so that if the phone has to be wiped, they don’t lose anything essential.
5. The Exit Policy Done Right
As with the runaway phone, sometimes workers go away and never come back. They might get fired, or quit without warning, or occasionally have a serious accident or illness. IT needs two things in these situations: a means to wipe corporate data off the device, even if it never makes its way inside your walls again, and a policy approved by both IT and the legal department that allows them to do so.
Every BYOD policy needs the right technology to back it up. That’s where the Skycure solution comes in. You can learn more and start a free trial of our enterprise edition today.