SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
BYOD security policies vital
Wed, 27th May 2015
FYI, this story is more than a year old

Bring Your Own Device policies only work if everyone within an organisation is committed to following appropriate security policies.

That's the word from Rick Bell, architect for UXC Connect, who says BYOD has become a fact of corporate life so organisations need to know how to govern it effectively.

“People are often tempted to bring their own device because the technology is often more advanced than what they are likely to be issued with in a corporate device,” Bell says.

“Often, it's the senior executives that expect to be able to plug their new device into the corporate network without due consideration for security policies.”

Bell says BYOD security policies must take into account that, regardless of the device used, the network must be secured to protect the crucial data on which the organisation relies. He says mobile devices, if not properly secured, can introduce malware and security breaches that can compromise the security of the entire business.

To overcome this, organisations must put clear guidelines and policies in place on what types of devices are acceptable and what needs to be done to ensure they are secure. Bell says these policies must be communicated in a formal manner to ensure all employees are aware of the requirements and, potentially, any penalties for non-compliance.

“Corporate network security is vital, and organisations cannot take chances when it comes to introducing new devices into the network,” Bell explains. He says there must be standards and systems in place to maintain that security.

“For example, a mobile device might include security measures such as encryption, two-factor PIN authentication or containerised applications and data protection,” he says. “Not all consumer devices can do this, which means those devices may not be appropriate for the corporate environment.”

Additionally, organisational policies should be set and overseen by a committee that includes senior executives from both business and technology.

“Because senior executives often expect to be able to use their personal devices in the business network, it is essential to educate them regarding the risks of doing so,” says Bell.

“One of the most effective ways to achieve that is to include them in the steering committee that develops, communicates, and enforces the rules regarding BYOD. This can help reduce the risk that executives think the rules don't apply to them, and most importantly, it espouses the right security-sensitive culture across the organisation by leading through example.

Bell says policies and standards can be enacted through an enterprise mobility management platform. “This is fairer on everyone because expectations are set across the board. And it reduces the number of unauthorised devices that can compromise the network,” he says.

“By doing this, organisations can then leverage mobility initiatives and BYOD policies to deliver the benefits with the assurance that network and information security will be maintained.”