Enterprise mobility and security: How to build a BYOD policy
As far back as 2012, Microsoft figures found that more than two thirds (67%) of workers already use their personal devices for work purposes – and that 87% of companies rely on their employees using personal devices to access business apps.
This, of course, is BYOD (bring your own device), and it’s more popular than ever before. Today’s mobile workforce benefits from easier collaboration, better tools and increased popularity – which is why remote teams and enterprise mobility are so popular. All of this means improved business performance and reduced infrastructure costs – but as so many businesses rush to take advantage, they forget one key thing in their BYOD strategy: security.
Why you need a BYOD policy
Mobile operating systems today are more secure than ever, but there’s still a long way to go: just one unsecured device on your company network could open you up to attacks. According to the Cyber Security Breaches Survey 2017 report, businesses face costs up to £19,600 per cybersecurity breach. But a BYOD policy helps to make sure this doesn’t happen.
Despite this, 77% of employees say they’ve never received any instructions about using their personal devices at work. And only about two-thirds of businesses even have a BYOD policy in place. That means over 3.6 million SMEs in the UK are at risk. Are you one of them?
A well-thought-out BYOD policy improves your business security while allowing you to accommodate your employees’ digital expectations. This way, you can make the most out of mobile without the BYOD security risks attached.
The most effective way of doing this is by managing your systems, not the devices themselves. By ensuring that your systems have the necessary security settings, you can make sure that they restrict certain features, protect sensitive data and prevent access to your enterprise resources.
How to write a BYOD policy
The first step to an effective BYOD policy is understanding your employees’ mobile behaviour. How are your staff using their mobiles to interact with you right now? What work tasks are they carrying out on their personal devices? Which platforms are they using, iOS or Android?
Asking these questions will help you paint a picture of your mobile workforce, your employees’ digital behaviour and their needs. After this, the next step is identifying your business goals for BYOD: what is it you’re hoping to achieve? BYOD and enterprise mobility must support your business goals. And, more importantly, how do your goals relate to your employees’ behaviour?
Once you’ve got a good understanding of the role mobile has to play in your business, you can start to build your ideal BYOD policy. One that brings together your employees’ needs with your business goals. To help you start, here are a few essential parts of your BYOD policy:
Acceptable use: It’s important that your employees understand what’s acceptable and what isn’t when it comes to their devices. From your initial research, you should have a good understanding of the mobile activities that directly or indirectly support your employees’ tasks. Based on this, you can identify which apps, processes and activities you should allow and which you should ban.
This won’t be a universal rule that applies to everyone in your business. So, you’ll need to separate your business’ stakeholders into groups depending on their role and requirements. You can then assign different permissions and sub-policies to each group.
Employee turnover and attrition: A good BYOD policy makes up a small part of your Mobile Device Management (MDM) strategy, otherwise known as an Enterprise Mobility Management (EMM) strategy. The MDM solutions you have in place are what makes enforcing your BYOD policies possible.
So, looking forward, what happens in the event that one of your employees leaves your company? With BYOD, that employee’s device will likely have important data saved on it as well as their personal files. So, after an employee leaves, your BYOD policy needs to outline how you’ll remove any data, emails, or enterprise apps from that employee’s device.
For some companies, this means removing access to the employee’s email inbox. For others, it’s a complete wipe of the personal device. Whichever suits your business best, you need to clearly outline your process in plain English to your employees, with a well-thought-out plan outlining how you’ll separate personal and professional files.
The future-proof BYOD policy
Many businesses try to make their BYOD policy future-proof. But if you succeed at a future-proof BYOD policy, then it’s likely way too general. Instead, you should regularly review your policy and its effectiveness, making sure every change considers both your employees and your business goals.
As a business, you must be on the lookout for any developments in the mobile space. For example, Samsung’s S9 and S8 Note Enterprise edition allows for easy remote configuration and device updates. And Samsung’s Knox platform separates personal from work files, ensuring the security of your business’ data.
So, with a BYOD policy that’s specific, measurable and regularly revisited, you can take full advantage of everything mobile has to offer without opening yourself up to the BYOD security risks that come with it. It’s clear that enterprise mobility, security and BYOD have never been more important to the future of business.