In the rush to implement a device management style that’s popular with both employees and enterprises, many businesses may have gotten ahead of themselves. That’s the impression one gets from a survey cited in Computerworld that indicates that 53 percent of businesses polled admitted to having no formal Bring Your Own Device (BYOD) policy in place, and a full quarter said that they had no systematic security approach whatsoever.
In the article, Chris Pyle, CEO of Champion Solutions Group (which conducted the study), called the results “ridiculous” and “surprising.” While such findings are indeed worrisome and unfortunate in terms of the overall enterprise security profile of the U.S., they are not necessarily the biggest surprise. That’s because many enterprises still think of cybersecurity threats as being the sort of thing that perimeter security can put a stop to on its own. But a secure mobile device management solution is really only one piece in the cybersecurity puzzle. Policies and awareness play a huge role in enterprise security, especially in easy points of infiltration like BYOD.
So how can you help your customers understand the steps to BYOD security that go beyond the software solution? The following tips will help you improve your customers’ BYOD security awareness.
1. Get Them Thinking Creatively About BYOD Usage Policies
One of the biggest security challenges that BYOD poses is that it’s hard to place limits on what employees can do with their personal devices outside of the workplace. But defining, at the policy level, which devices an individual can use and what rules they have to comply with is critical in keeping business networks secure.
There are many creative ways to approach this problem. Suggesting that employees keep work-specific devices that comply with usage policies is one way to deal with the issue. Offering a suite of internally owned compliant devices that an employee can use for work is another. Coming up with a usage policy that appreciates the realities of how people use their devices in their private lives, but balances that freedom with the security demands of an enterprise, is paramount.
2. Help Them Educate End Users on App-Based Threats
Installing apps on a phone or tablet often doesn’t strike end users as posing the same risk as installing an executable file on a desktop or laptop. But rogue apps can be just as dangerous to networks as traditional computer viruses. App-based malware is a growing problem that has led to the compromise of a number of enterprise networks. Providing resources to help your clients educate end users on potential app-based threats can be hugely beneficial to their overall BYOD security profile.
Getting end users thinking about security in their day-to-day device usage is key to preventing the devices that they bring into the office from being the weak link in an enterprise’s cybersecurity. Not to mention, being security-minded is better not just for enterprises, but for individual employees using their personal devices at home. Nobody wants to deal with a malware attack on a device, whether at work or not, and being educated on security protocols is key to avoiding them.
3. Encourage the Use of Threat Intelligence Platforms
Digital threat intelligence can give businesses a clearer idea of what sort of cyberthreats are proliferating in a given area of business or geographical location. It can also give a business an idea of what steps to take in order to prevent being compromised by those threats. Using the intelligence from such a solution as the basis for determining how mobile devices can be used in the workplace can help an IT department be strategic in protecting the network.
For instance, if there is one particular zero-day malware threat invading enterprises through one specific operating system, a business can learn about it from a threat intelligence platform and suspend the use of that device in-office until the security world can address the threat.
What effective policies have you seen in place for managing BYOD in the office?