11 Essential Ways to Secure BYODs and Protect your Workplace Network
From small businesses to international enterprises, the BYOD trend is a budget-smart and employee-flexible policy that can seriously expand your workforce capabilities. BYOD stands for Bring Your Own Device. It means that employees can use their own phones, laptops, and tablets to access work data and the workplace wifi network to do their job. BYOD saves the company money on providing devices, lets employees use the devices they are most familiar with, and spares them from juggling both personal and work devices.
However, there is one serious downside to BYOD that can counter all the good if not addressed: Cybersecurity. An employee’s personal device is much more likely to be used for risky or experimental tasks and to connect to unsecured wifi networks. This increases the chance of picking up malware, getting hacked, and carrying malware back to the otherwise secured workplace network.
So how do you protect your network while still allowing employees to BYOD? That’s exactly what we’re here to talk about today. Dive into the 11 essential ways to secure BYODs for flexibility and security in the same business network.
1. Device Inspection and Approval
Not all employee devices are right for BYOD. Some devices may be too old to run your apps, some are too unsecured, and some are jail-broken to install unauthorized or dangerous apps. Never allow an employee’s device to connect to the company network before it has been inspected and approved. Ban jail-broken devices, outdated devices, and devices that otherwise raise a red flag with your IT team. Fortunately, most employee devices will be new enough and brand-standard enough to pass the inspection.
2. BYOD Device Cleaning Day
At the same time as devices are being inspected and approved, have them scanned and cleaned for any current malware or suspicious files. Let employees know when device cleaning day is. Tell them to back up their photos and files just in case, and to delete anything that they don’t want to be scanned during the cleaning phase. Remind employees that BYOD creates an obligation to avoid and clean out malware and that devices used for work may no longer be 100% private due to security needs.
-Regular BYOD Re-Cleaning
It’s also a good idea to re-scan and clean employee devices every year to six months, just in case they’ve picked up any malware along the way. This can happen any time new apps are installed or devices connect to outside wifi networks.
3. Blacklist Risky Apps
Some apps are a more consistent source of hacking or data leaks than others. Do your research based on the type of security you require and build a list of risky apps to blacklist. Unsecured chat apps are the most commonly blacklisted by workplaces for employee devices, but there may be other specific apps you know should be deleted before a phone or tablet is used for work or allowed to connect to the workplace network.
4. Manual Authorization of Approved Devices
Once you have approved, scanned, and malware-cleaned employee devices, consider using a direct authorization feature. Only allow approved devices to connect to the company wifi network or sign in to work-related apps. This way, employees cannot get a device approved only to bring in a different un-approved or infected device into the workplace or access a secure business app on a different hacked device.
5. Require Password-Protected Lock Screens
Lost, stolen, or snooped devices can be a real security problem with BYOD. Thieves and curious family members alike can potentially access an employee’s work documents and log into their business apps just by picking up their phone. This is why all employees who wish to use their own devices for work should be required to use password-protection.
Passwords should be strong, well-constructed, and remembered without use of a written reminder or password manager. Teach your team the funny-acronym method to build complex passwords they’ll remember every time. And during device check-ups, make sure those password protections are still in place.
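The checks from steps 1 through 5 can be combined into a single admission decision made each time a device asks to join the network. The following is an added example, not code from the original article; the policy values, device identifiers, app identifier and record layout are all constructed assumptions.

```python
from datetime import date, timedelta

# Constructed policy values (assumptions, not taken from the article).
APPROVED_IDS = {"dev-001", "dev-002"}            # devices that passed inspection
MIN_OS = {"android": (13, 0), "ios": (16, 0)}    # oldest OS the IT team accepts
BLACKLISTED_APPS = {"example.insecure.chat"}     # hypothetical app identifier
RESCAN_INTERVAL = timedelta(days=182)            # six-month re-cleaning cycle

def parse_version(text):
    """Turn '16' or '13.4.1' into a comparable (major, minor) tuple."""
    parts = [int(p) for p in text.split(".")]
    return tuple((parts + [0, 0])[:2])

def admission_findings(device, today):
    """Return every reason this device must not join the network."""
    findings = []
    if device["id"] not in APPROVED_IDS:
        findings.append("not on the approved-device list")
    if device["jailbroken"]:
        findings.append("jail-broken")
    minimum = MIN_OS.get(device["platform"])
    if minimum is None:
        findings.append("platform not supported")
    elif parse_version(device["os_version"]) < minimum:
        findings.append("OS older than policy minimum")
    if not device["lock_screen_password"]:
        findings.append("no lock-screen password")
    banned = sorted(BLACKLISTED_APPS & set(device["apps"]))
    if banned:
        findings.append("blacklisted apps: " + ", ".join(banned))
    if today - device["last_scan"] > RESCAN_INTERVAL:
        findings.append("malware re-scan overdue")
    return findings

# Constructed inventory records, as a device-management export might provide them.
TODAY = date(2024, 6, 1)
PHONE_OK = {"id": "dev-001", "platform": "ios", "os_version": "16",
            "jailbroken": False, "lock_screen_password": True,
            "apps": ["example.mail"], "last_scan": date(2024, 3, 1)}
PHONE_BAD = {"id": "dev-009", "platform": "android", "os_version": "12.1",
             "jailbroken": True, "lock_screen_password": False,
             "apps": ["example.insecure.chat"], "last_scan": date(2023, 9, 1)}

if __name__ == "__main__":
    for dev in (PHONE_OK, PHONE_BAD):
        print(dev["id"], admission_findings(dev, TODAY) or "admit")
```

Returning the full list of findings, rather than stopping at the first failure, gives the employee everything to fix before the next inspection.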
6. End-to-End Encryption for Business Apps
Encryption is vital for mobile business-data security. Encryption means that even if a hacker steals data or accesses a device, they won’t be able to read the data they look at or steal. All iOS and Android devices are automatically encrypted and Windows devices can be encrypted intentionally. In addition, any business apps you use should be encrypted end-to-end. This means the data is encrypted at workstations in the office, encrypted in-transit across the internet, and encrypted when it’s received and stored in a mobile device. This is a huge step toward preventing hackers from accessing your proprietary business data when communicating with mobile employees using BYODs.
7. Emergency-Only GPS Device Location
GPS-tracking is an essential part of security for business-use devices. If a device is lost or stolen, GPS can be used to pinpoint its location to either retrieve the device or give a detailed report to the police. However, GPS-tracking employees all the time on their own devices is data-intrusion and can be considered a violation of various data privacy regulations. So talk to your employees about installing an emergency-only GPS location feature in which the company can activate the GPS tracking only at the employee’s request to find a lost or stolen device.
8. Remote Kill-Switch Installation
If an employee’s device is lost or stolen and there’s worry that someone may access proprietary data, a kill-switch feature is incredibly useful. A remote kill-switch can wipe a device’s memory or completely ‘brick’ the device so that thieves cannot extract private data. With your employee’s permission, installing a remote kill-switch can keep both private company data and their private personal data secure in the event of a device theft.
9. Take Steps to Avoid Use of Public Wifi
Public wifi is a great idea in theory, but hackers love the public wifi trend. In what is called a “Man in the Middle Attack”, hackers will open a false public wifi network and give it an unsuspicious name like “Joe’s Diner Guest Wifi” when Joe’s Diner doesn’t have guest wifi. People connect to save on their data plans and then get hacked through the wifi network.
To this end, you can best keep your company network safe from tracked-in malware by helping employees avoid using public wifi. Train them to identify false wifi networks and to use their own data plans or a provided hotspot device instead to avoid these honeypot traps.
10. Separate Wifi Network for Employee Devices
One very savvy way to keep your business network safe from BYODs that may have tracked in recently-acquired malware is to build a separate wifi network. Separate wifi networks create a security buffer to keep your workplace ethernet-network of connected computers and servers more secure. Just as you may have a separate network for smart-office devices or a separate network for customers and guests, you can also offer separate wifi-internet access to employee devices.
This way, employees can access the internet and all their usual mobile functions with their devices in the office, but those devices won’t be sharing a network directly with your internal workplace network of computers and servers.
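A separate wifi network only acts as a buffer if the firewall between the two networks actually blocks traffic from one to the other. The following added example (not from the original article) audits a rule set for paths from the employee-device network into the internal network; the subnets, the rules and the first-match rule model are constructed assumptions, and ports are ignored.

```python
import ipaddress as ip

# Constructed addressing plan (assumption, not from the article).
BYOD_NET = ip.ip_network("10.50.0.0/24")          # employee-device wifi
INTERNAL_NETS = [ip.ip_network("10.10.0.0/16")]   # workstations and servers

# Constructed first-match rule sets: (action, source CIDR, destination CIDR).
SEGMENTED_RULES = [
    ("allow", "10.50.0.0/24", "10.10.5.20/32"),   # one published app server
    ("deny",  "10.50.0.0/24", "10.10.0.0/16"),    # everything else internal
    ("allow", "10.50.0.0/25", "10.10.9.0/24"),    # dead rule, shadowed by the deny
    ("allow", "10.50.0.0/24", "0.0.0.0/0"),       # internet access
]
FLAT_RULES = [("allow", "10.50.0.0/24", "0.0.0.0/0")]  # no deny: wifi is not separate

def narrower(a, b):
    """Intersection of two CIDR blocks (they are either nested or disjoint)."""
    if not a.overlaps(b):
        return None
    return a if a.prefixlen >= b.prefixlen else b

def byod_to_internal_paths(rules, byod=BYOD_NET, internal=INTERNAL_NETS):
    """List (rule index, source, destination) for each allow rule that lets
    BYOD traffic reach an internal range and is not fully covered by an
    earlier deny. Conservative: only single-rule shadowing is recognized."""
    parsed = [(act, ip.ip_network(s), ip.ip_network(d)) for act, s, d in rules]
    findings = []
    for i, (act, src, dst) in enumerate(parsed):
        if act != "allow":
            continue
        src_hit = narrower(src, byod)
        for net in internal:
            dst_hit = narrower(dst, net)
            if src_hit is None or dst_hit is None:
                continue
            shadowed = any(
                a == "deny" and s.supernet_of(src_hit) and d.supernet_of(dst_hit)
                for a, s, d in parsed[:i])
            if not shadowed:
                findings.append((i, str(src_hit), str(dst_hit)))
    return findings

if __name__ == "__main__":
    print("segmented:", byod_to_internal_paths(SEGMENTED_RULES))
    print("flat:     ", byod_to_internal_paths(FLAT_RULES))
```

Each finding is a path that deserves a documented reason; in the segmented rule set the only one is the single published app server, while the flat rule set exposes the whole internal range.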
11. Beef Up Your Business Network Security
Finally, it’s a good idea to improve your workplace network security across the board. Knowing that employees will be connecting with BYOD mobile devices that have been out in the world downloading apps and connecting to unknown wifi networks, make sure your network security is up to the task of resisting infection. Set up network monitoring to notice malware as it tries to invade. Customize your firewalls to prevent infection from mobile devices. This kind of preparation will significantly increase the safety of your company’s BYOD policies.
If your company is planning to offer BYOD or already has BYOD in place, it’s time to take network security seriously. Defend your business network from potential malware infections and directed hacks by following these guidelines and working with your employees to minimize risk.