Story image

BYOD security policies vital

27 May 15

Bring Your Own Device policies only work if everyone within an organisation is committed to following appropriate security policies.

That’s the word from Rick Bell, architect for UXC Connect, who says BYOD has become a fact of corporate life so organisations need to know how to govern it effectively.

“People are often tempted to bring their own device because the technology is often more advanced than what they are likely to be issued with in a corporate device,” Bell says.

“Often, it’s the senior executives that expect to be able to plug their new device into the corporate network without due consideration for security policies.” 

Bell says BYOD security policies must take into account that, regardless of the device used, the network must be secured to protect the crucial data on which the organisation relies. He says mobile devices, if not properly secured, can introduce malware and security breaches that can compromise the security of the entire business. 

To overcome this, organisations must put clear guidelines and policies in place on what types of devices are acceptable and what needs to be done to ensure they are secure. Bell says these policies must be communicated in a formal manner to ensure all employees are aware of the requirements and, potentially, any penalties for non-compliance. 

“Corporate network security is vital, and organisations cannot take chances when it comes to introducing new devices into the network,” Bell explains. He says there must be standards and systems in place to maintain that security.

“For example, a mobile device might include security measures such as encryption, two-factor PIN authentication or containerised applications and data protection,” he says. “Not all consumer devices can do this, which means those devices may not be appropriate for the corporate environment.” 

Additionally, organisational policies should be set and overseen by a committee that includes senior executives from both business and technology. 

“Because senior executives often expect to be able to use their personal devices in the business network, it is essential to educate them regarding the risks of doing so,” says Bell.

“One of the most effective ways to achieve that is to include them in the steering committee that develops, communicates, and enforces the rules regarding BYOD. This can help reduce the risk that executives think the rules don’t apply to them, and most importantly, it espouses the right security-sensitive culture across the organisation by leading through example.”

Bell says policies and standards can be enacted through an enterprise mobility management platform. “This is fairer on everyone because expectations are set across the board. And it reduces the number of unauthorised devices that can compromise the network,” he says. 

“By doing this, organisations can then leverage mobility initiatives and BYOD policies to deliver the benefits with the assurance that network and information security will be maintained.” 

AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
Kiwis losing $24.7mil to scam calls every year
The losses are almost five times higher compared to the same period last year, from reported losses alone.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
"Is this for real?" The reality of fraud against New Zealanders
Is this for real? More often than not these days it can be hard to tell, and it’s okay to be a bit suspicious, especially when it comes to fraud.
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.