10 tips for securing BYOD in your workplace

While tech-giddy employees are prone to fawn over every new iThing smuggled into the workplace – devices that are often used in violation of company policy — IT security pros see something very different:  a security breach waiting to happen.

To secure your business against the onslaught of new smartphones and tablets, popping up in the workplace, follow these tips, as suggested by Wisegate, a by-invitation-only, IT social network:

Employees bringing tech to the office requires some management.

Invite everyone to the policy bake 

Businesses will get easier buy-in if everyone to be impacted by your BYOD policy participates in its creation.  This includes your resident computer expert, human resources, your attorney and your department heads.

Shop security solutions thoroughly 

The good news is that security solutions providers are well aware of the BYOD security threat, and have been busy coming up with solutions.  The latest version of BlackBerry Exchange Server, for example, promises to offer security protection for all smartphones.

Other solutions to check out include Good Technology, MobileIron, Excitor DME, Fiberlink’s Maas360, Microsoft Active Sync, IBM Traveler, McAfee EMM, and Soti Mobicontrol.

Tech Outlook: Embrace innovation and join us Sept. 27

Only allow email that resides on the network

Be sure employees can only access – but not physically download – your company’s email with their smartphones and similar devices when they sync with your company server.  Under that scenario, if they lose the phone, their email will still be safe and secure on your company mail server.

Define sensitive data to employees

You’d think this would be a no-brainer.  But then again, if you don’t define what’s meant by sensitive company data, the first line you’re likely to hear from a hapless employee is, ‘I didn’t know.’

Force password strength on all devices 

As a deterrent, security experts recommend passwords of more than 12 characters, which should include a nice mix of letters, numbers and symbols.  They also advise businesses to program automatic rejection for less complex passwords.

Get explicit about photos 

With cameras on virtually every smartphone, businesses need to clearly define what workers can and can’t photograph.  Essentially, you don’t want pretty images on Facebook of products that are in development, company whiteboards, trade-secret work areas and the like.

Decide who owns the phone number

Wrestling over who gets the phone number after a break-up has become very touchy.  A key salesperson who takes his/her phone number along to the next job – which may be at a competitor – could steal a good deal of business away from your firm.  Ditto for top executives.

Be careful where you wipe 

Dealing with lost/misplaced smartphones and other devices may be easier if you buy software that allows you to wipe (erase) business data only, while preserving personnel data.  Of course, that approach could create its own headache, since many people mix their personal and business data within the same application, and sometimes even within the same folder or file.

Insist on timely notification of a loss

You’d think that an employee would be smart enough to quickly report a lost smartphone or tablet.  But then again, you’d expect that employee not to lose the device in the first place

Encourage employees to vote early, and often 

To protect against employees who ‘sign-and-forget’ BYOD agreements, require employees to re-sign such agreements every six months.  Such precautions could insulate your firm against, ‘I-forgot-I-signed-that’ laments and lawsuits.

Joe Dysart is an Internet speaker and business consultant based in Manhattan.  Voice: (646) 233-4089.  Email: joe@joedysart.com.  Web: www.joedysart.com.

Share on LinkedIn Comment on this article Share with Google+