Attitudes about technology in the workplace are shifting. It used to be people would show up for a job and ask what devices they should use, what was supported. Now, employees show up with their own devices and expect multiple platforms and operating systems will all be supported.
Mobile is increasingly influencing mainstream IT.
Employees are bringing their own devices to work: smartphones, tablets, laptops. And, they are probably performing work functions on them, in the office or out, with or without your knowledge.
This might pose a security nightmare, trying to support and protect a wide variety of devices, or a security advantage; there is no one attack vector by which your organization will be taken down. However you view it, it’s not an issue that’s going away, and IT business strategy should include a plan for dealing with it.
With the huge variety of devices and applications, controlling all of them would be very time consuming and not necessarily cost effective. Educating employees about how to use and not use their devices, empowering them to make informed decisions, is one way to help control security issues and make BYOD a success. Make sure users understand
- How to onboard devices
- Security policies
- Data ownership policies
- User responsibilities
- How to get technical support
Educate employees about what constitutes private data and how to store and use it on personal devices. They may be storing client phone numbers on personal devices that could be lost or hacked without even realizing it’s a bad practice.
Making sure users know proper procedure won’t ensure that they’re always followed through on, but it will help reduce ignorance based breaches.
Security is the biggest concern and measure of success when it comes to BYOD. Your employees should be educated, but, that said, you’ll still want to put security measures in place. A few things to consider:
- Create a list of approved devices both for your records and employee reference
- Screen devices before they are allowed on the network
- Protect devices that store data with a PIN AND a strong password
- Encrypt data stored on devices
- Pre-approve authentication and hardware security configurations on devices storing company data
- Only allow connection to company network using an IPSec or SSL VPN connection
- Create procedures to remove company data from devices used by temporary staff or contractors
- In case of lost or stolen devices, have a process for timely reporting of the loss and a plan to lock or wipe data as needed
Information technology is a key business function and it should be used in a way that allows the business to grow. Building mobile into your IT business strategy will help you reduce costs, increase productivity, and avoid security issues and gain competitive advantage by having the most up to date and diverse technology. Mobile is changing the way we live; it should be affecting your IT business strategy too.