You bet you do!
If you are an avid reader of this blog, then you know we have been evangelizing a very important message: There will be an increase in high-profile cyber attacks this year. The cyber threat landscape today is more dangerous than ever before, and companies cannot afford to make the wrong decision when it comes to what should now be a common boardroom discussion… network security.
And one of the top security challenges for 2016 is the increased level of risk from BYOD (Bring Your Own Device). Industry analyst Gartner predicts that by 2017, more than half of all employers will require employees to use their own devices for work purposes. BYOD is going strong, and so are the security risks that go with it.
How should your business approach BYOD? By creating an enforceable, security-focused strategy. The key to mitigating the risk of a security breach is to develop and implement sound security policies. To start reducing BYOD security risks, follow these tips on creating an effective, security-focused BYOD policy.
1. Specify what devices are allowed.
It’s important to decide exactly what you mean when you say “bring your own device.” Should you really be saying, bring your own Android but not your own iPhone? Bring your own iPad but no other tablets? Make it clear to employees which devices you will support, and have the courage to say no to any devices you feel incapable of managing securely.
2. Identify, define, and segment users and user groups.
It’s critical to identify users, user groups and other categories for BYOD program participants. Who’s allowed in? Who isn’t? Restrictions and allowances can be established based on individuals, groups, types of devices, and specific needs to access certain applications or content.
Corporate networks should use ACLs (access control lists) within their Group Policy environment to define which users, protocols, applications, and specific devices have access to specific parts of the network.
3. Provide support for user-owned devices.
A major frustration of BYOD users is calling internal support for an application problem and being told “we can’t support you” since they’re on a BYOD device. That offhand comment can lead to security breaches and lower adherence to acceptable-use policies. By providing support, businesses can help employees manage devices and access controls, discover potential vulnerabilities and further enforce BYOD policies. Support should cover all stages of BYOD, from device onboarding to provisioning and decommissioning.
4. Enforce the policy and make employees accountable.
In order for policy controls to work, organizations must be able to trust their people to do the right thing. This is only realistic if the organization provides communication, training, monitoring, and enforcement that make clear what behaviors are expected of employees.
Have employees review the BYOD policy and require a signature as acknowledgement of the rules and their required compliance to participate in the program. Training sessions may also be necessary to help employees understand their obligations under the acceptable-use policy.
And remember: Just because training takes place doesn’t mean learning takes place. We encourage organizations involved in BYOD to test their employees in writing after acceptable-use training. Make sure they walk away with what you want them to remember.
More than ever, businesses need to make their BYOD security and access control policies clear, especially for the increasingly mobile workers who access critical business applications and sensitive data from whatever device is close at hand, wherever they are in the world. Contact SLPowers today and let our security experts help you to secure your organization’s BYOD environment.