The Bring Your Own Device Challenge

Technology is now a very personal thing, and that trend is set to increase with the introduction of wearable tech. Staff are always ‘connected’ whether at home or at work, so inevitably the boundaries become blurred.

Some companies have embraced the BYOD culture, believing it increases productivity and reduces their technology overhead.  It’s particularly common in industries that use a lot of contractors, such as creative and start-ups.

However, BYOD scenarios present a challenge to the IT department in terms security and maintenance.

DEFINE THE POLICY
Be clear on the company’s policy. Are personal devices allowed or not? If so, which devices are acceptable i.e laptops, tablets, phones, music players?

The policy should define any authorisation process felt necessary, as well as referring to the expectations around conduct while on the office network.

KNOW WHAT IS ON THE NETWORK
It’s important to know what devices are on the network, so either require users to register their devices with the IT Department, or use an asset management software tool to spider the network and report on connected devices.

ENSURE ADEQUATE SECURITY
By policy, all devices should be clean of malware and have adequate protection, however this can be difficult to manage and need careful consideration.

PROVIDE GUEST NETWORKING FACILITIES
Guest network facilities can be a good way to segregate the network and provide workers with access to the internet, while protecting the company’s digital assets.

And as many systems are becoming SaaS – hosted on the Internet, it can be a perfect solution for the majority of employees.

LIMIT PRIVILEGES
Limit privileges to network services and data shares, ensuring they are reviewed regularly.

LOG AND MONITOR
Consider what information you are logging, how long that information is retain, and how it is going to be monitored to evaluate how staff are using their devices on the network.

An Information Security Management System to ISO27001 will help you to address many of these issues within a structure framework of risk management. For more information, contact Assent.

Further advice from the Information Commissioners Office (ICO) can be found here: https://ico.org.uk/media/for-organisations/documents/1563/ico_bring_your_own_device_byod_guidance.pdf