Bring your own device (BYOD) describes the practice and increasingly popular occurrence of staff using their own personal mobile devices such as a laptop, tablet or smartphone for business purposes, either while at work or remotely. With a new record of mobile devices outnumbering people now, it is a good time to look at your organisations policies.
Our ninjas have devised 10 key points you need to consider if you are going to introduce BYOD into your organisation:
- Create an effective BYOD policy to prevent any unauthorised devices from accessing sensitive business or personal information. This will also highlight to staff the potential risks BYOD can present to a business if not managed effectively.
- Ensure data is encrypted with a strong password and allow only approved users to access business data.
- Provide information to be displayed to staff on their devices, but not saved onto the device. This reduces accessibility to business information if the device is lost or stolen.
- Have a clear procedure for dealing with a security incident and provide guidance on what to do, should this occur.
- Ensure, where possible, a robust UTM/Firewall solution is in place, to protect against data theft and to maintain a high level of network security. Having a managed UTM solution will allow a BYOD policy to be effectively enforced.
- Regularly audit to reduce the risk of compromised sensitive business data.
- Consider whether it is appropriate for staff to send and receive email from both personal and business accounts.
- Verify the identity of a user by asking them for their user name and a certain number of characters from their password before providing access to its data and to filter email access.
- Plan for security incidents, as part of your business contingency plan.
- Understand the legal issues. Consult a legal firm or solicitors for all the advice you need in preparing a policy.
Our friendly team of ninjas are here to help, so if you would like some advice, please call 01843 572600 or email firstname.lastname@example.org