Computing devices are everywhere. According to the Pew Research Center, 77 percent of Americans own a smartphone and that is not even taking into account PCs, tablets, and wearables. With how common these devices are, their presence in the workplace is a given.
“It then just becomes a question of whether they get access to the network,” Russell Miller, Impulse Point’s Chief Technology Officer said, “and if they do get access, which portion of the network do they get access to?”
Bring your own device (BYOD) policies allow companies to regulate the devices brought into their workplace and provide guidelines for using devices in the way that most benefits your company.
“Nowadays every company should have a BYOD policy because every company is having devices brought into their network whether they like it or know it,” Miller said.
Yet, it can be difficult to know what to incorporate into a BYOD policy to maximize your benefits from it. That is why it is important to consider these five steps when creating your company’s BYOD Policy.
1. Account for Your Organization’s Needs
Few companies use the internet the same way. A security firm should have a radically different BYOD policy from an elementary school. While it might be critical for a healthcare firm to keep their patients’ health information confidential, it might be imperative that your employees can access as much information as possible and that it not be restricted in any way.
While it might be necessary for a school to restrict access to social media during school hours, social media might be what your company is built around. These differences should be incorporated into a successful BYOD policy.
2. Consider What to Restrict
When it comes to determining what access to allow during business hours, it can be difficult to take all eventualities into account. Not only can the types of devices be restricted, but also individual apps, websites, and company information.
Being specific about what types of devices are allowed and which are not, possibly even down to the make and model, is usually best. This helps employees avoid buying restricted devices by mistake, understand what is acceptable versus what is not acceptable to bring to the office, and ensure no devices with vulnerable hardware access the network.
The same possibility exists for blocking individual apps and websites. This presents the possibility of blocking employees from using apps or sites that could compromise the company’s security or reduce employees’ productivity.
The BYOD policy might also consider restricting access to classified information on devices that leave the building that might re-access it later on an insecure network because of the potential security risks. Placing devices on a separate network, such as a guest network, could address this. These access restrictions should be enforced with automated policies.
“Somebody just plugging in an arbitrary device into a port in the wall would ideally not get access until somebody in IT approves it,” Miller said. As may now be apparent, perhaps the most vital considerations in protecting your business under a BYOD policy are restrictions regarding the security requirements of approved devices.
Device Security Policies
Thanks to the ever-changing nature of cyber threats, cyber security is a large and growing industry. According to Gartner, by 2019 spending on security software and hardware products is expected to make up 75 percent of companies’ spending on security outsourcing services. With so much investment involved, it’s important to optimize the security requirements included in a BYOD policy and choose the best products to enforce them.
In general, successful BYOD security policies require anti-virus software and up-to-date patches. Your company’s policy about remotely wiping BYOD devices with potential to reveal confidential information represent another common concern. In other ways, the best security policy for your company will be more variable.
In many ways, your options for your security policy will depend upon your software of choice. To provide an example of possible customization, Impulse’s SafeConnect includes options for customizing policies involving authentication, NAT, Anti-Virus, OSX updates, Windows updates, “End of Life,” blocking devices, and a custom tab to allow even greater possibilities for optimizing the success of your office’s security policy. SafeConnect accomplishes this because it provides network access control (NAC). Beyond the office itself, successful policies may benefit from mobile device management (MDM) software to monitor BYOD devices remotely.
Weigh the Pros and Cons
While your company’s security is important, it is also necessary to account for how too many restrictions might make your employees less productive. This can happen because of restrictions that block necessary information, annoy employees or reveal a lack of trust. To avoid major problems like this, consider the downsides of restricting access in addition to the ways blocking that tool would improve productivity.
3. Consider Device use for Work from Home
According to the 2017 “American Time Use Survey” by the Bureau of Labor Statistics, 23 percent of people worked from home at least some of the time. This reveals a versatility enabled, in a large part, by BYOD. Yet, like many other aspects of BYOD, it also creates opportunities for security breaches and other possibilities to incorporate into your BYOD Policy.
BYOD devices likely come into and out of the office each day. This makes security requirements even more of a necessity for these devices than they might be for those that remain in the office. Your BYOD policy should take this into account.
Consider the ways your policy can account for your organization’s culture. If no work is done out of office in your organization, your policy might state that devices are not to be used out of working hours for work-related purposes. If employees need to respond to messages at all hours of the day, your BYOD policy should reflect this.
4. Consider Reimbursement
BYOD encourages organizations to consider how BYOD policies incorporate total hours worked and the cost of necessary software. When it comes to reimbursement for work like responding to business emails or working from home, companies need to take care to avoid legal issues from uncompensated labor.
5. Decide upon Awareness and Enforcement
Even the most optimized BYOD policy for your organization is useless without awareness and enforcement. Consider a training seminar, a large infographic, or an announcement somewhere visible to inform employees of the new policy. One step in enforcement is deciding which software will enforce the policies discussed in the section “Device Security Policies.” Another step is incorporating penalties for violating the policy into its text and/or requiring employees to sign the BYOD policy to encourage them to learn its implications.
Successful BYOD policies make BYOD optimization easier for companies. Companies should analyze restrictions, security policies, and enforcement in ways that will provide the most benefit to them. When writing a BYOD policy for your company, perhaps the best things to remember are that just because a policy works for one company does not mean that it will work for yours and that these policies cannot succeed without enforcement.
Impulse’s SafeConnect enables enforcement of BYOD policies by allowing customizable restrictions on BYOD devices joining your network. To learn more about how Impulse can help your organization secure BYOD devices, visit impulse.com/safeconnect or email [email protected]com.