Cross Identity

Official Blog

7 BYOD Security Best Practices


Most organizations around the world are joining the BYOD (Bring Your Own Device) bandwagon. Employees are free to bring their mobile devices, such as smartphones or tablets, and use them for their day-to-day business activities. In fact, 60% use a smartphone for work purposes, while 31% desire one.

Corporate devices such as laptops or personal computers are generally well secured and have stringent IT controls enabled on them. But what about the employees’ personal devices? They, too, are prone to cybercrime. Bithumb, a Korean cryptocurrency exchange, faced a massive cryptocurrency breach when a Bithumb employee’s home computer was hacked and the personal information of about 30,000 customers was exposed!

So, we have listed the BYOD best practices for organizations that will let you embrace the BYOD culture securely.

#1 Clearly define your policies
The organization may take into account important aspects such as the number of devices, technical features, device compatibility, the IT controls to be enabled for each device (including remote employees’ devices), users’ access, privileged access, etc. Generally, the BYOD policy differs from organization to organization. However, as a rule of thumb, the policy should be framed keeping the organization’s security in mind. Therefore, the policy should be well-defined, with clear instructions on the dos and don’ts. Ensure there is no ambiguity in the policy that can be used as a loophole for an unfair advantage.

#2 Educate the employees
A well-defined, robust BYOD policy is almost redundant if the employees are unclear about it. For instance, you may decide to implement MFA as a part of your BYOD policy, but if the employee doesn’t understand the importance of MFA, he may not follow it well enough. The employees should be made aware of the applications they can or cannot use and be given a comprehensive understanding of the security risks and the penalties they may face if the policies are not followed.

#3 Classify personal data
When an employee uses his/her device for business activities, there is always apprehension about user privacy. The device may have lots of personal files, data or information. There should be clear segregation of personal data and corporate data. IT controls and the BYOD policy should be enabled on the applications and information that are work-related, and absolute privacy of the employee’s personal data should be ensured.

#4 Implement real-time device monitoring
This is the most important security best practice that an organization should adopt. With an increasing number of employees bringing their devices to work, even with the best BYOD policy, there are chances of security being compromised, as the IT department or management cannot closely monitor every device manually.
So, organizations should use real-time device monitoring systems such as Enterprise Mobility Management (EMM), which offers capabilities such as Single Sign-On to mobile applications, automatic installation/uninstallation of applications, control of corporate data, wiping of the data upon an employee’s exit, etc.

Therefore, an efficient EMM system ensures optimal security of corporate data on the employees’ personal devices.

#5 Stay solution-ready for lost devices
It is always advisable to be prepared for uncertainties. In the event of a lost or stolen device, the employee should first report it to the management or the IT department. The IT department should be ready with the necessary actions, such as remote device locking, data wiping, and password wiping or reset, or have auto-wipe enabled for certain critical applications. Also, the protocols for lost or stolen devices should be clearly defined in the BYOD policy, and employees should be well aware of them.

#6 Mandate the encryption of data
Encryption of data should be a mandatory practice. Ideally, military-grade encryption should be implemented. Data encryption provides high-level security, and even if the device is lost or stolen, the management need not panic as much; a threat actor finds it very difficult to decipher encrypted data.

#7 Ensure secure network connectivity
If the employees connect to their network or public Wi-Fi, there is a possibility of an attacker eavesdropping on the business activity; this may result in a data breach. Encourage the employees to connect their devices to secure networks only, not only when they are on the office premises but also when they are traveling. They should always connect to a VPN (Virtual Private Network).

The Future of BYOD
It is said that the BYOD market is on course to hit almost $367 billion by 2022, and that companies that encourage the BYOD culture save $350 per year, per employee!

Gartner principal research analyst Mikako Kitagawa says, “Usage of personally owned devices in the workplace is nothing new, but the survey results confirm that this trend has become a new workplace standard.”

There is no denying that BYOD culture is seeing rapid growth, and with mobile devices becoming an integral part of everyone’s lives, more and more employees would want to carry their devices to work. In fact, according to Frost & Sullivan Research, employees save 58 minutes a day as they operate on their own devices, thereby boosting employee productivity by 34%!

So, it’s about time organizations adopt these BYOD best practices because BYOD is here to stay!
