Bring Your Own Device (BYOD), is a growing trend in the business world where employees use their own personal mobile devices for work. This means that sensitive company information including customers' personal identifying information (PII) and company trade secrets may be accessible from, or might be stored on the employee's personal phone or other digital device. While there are many benefits from implementing BYOD for businesses, it also creates a new set of security challenges as employees' personal phones are more difficult to monitor and protect than a company computer that never leaves the office. Below is a comprehensive but not exhaustive list of security measures that companies implementing BYOD should consider:
Password Protection: A strong password should be at least 8 characters in length and include case sensitive letters, numbers, and special characters. This password should be required to access any company data on an employee's mobile device. It is also a good idea for the employee to have a 4 digit pin passcode to be able to turn on the phone at all. Encryption of Company Data: Any company data, or even all data on the phone, should be encrypted using industry standards. Encryption will help protect any company data from being accessed even if a thief has stolen an employee's mobile device and attempts to hack into it.
Limit use of Apps: Apps pose a security vulnerability, as they are programs that are downloaded by the user, and installed onto the phone. Use of apps on user devices is a hotly argued topic at the moment. These apps can contain malicious software in them, or may simply request and get permissions to access a wide variety of data on the device, in order to complete the install. The possibility that BYOD users might install an app that breaches company data is raising serious concerns in the IT community. This makes it a priority that employees be informed as to what apps are safe and acceptable, and which ones are not. Even with those types of guidelines, it is important for employees to read the reviews of apps to help determine whether it is malicious or not. It is also a smart guideline not to install any app that does not have a significant number of positive reviews. Even with that, it is important that when installing the app that the user be very aware of the permissions the app is requesting, and that they fit the purpose appropriate for the function of the app.
Remote Data Wipe Ability: Employers that allow company data to be stored on a BYOD platform must be able to remotely wipe the device in case the employee either loses the phone or has it stolen from them. Additionally, the employer must also be able to wipe the device upon the employee leaving the company.
Antivirus Software: At a minimum, employees' devices should have updated antivirus programs installed to help mitigate malicious attacks. In addition to antivirus software, providing VPN connections for employee devices, where appropriate, would greatly reduce risk of breach into the phone's data.
"Bring Your Own Device Security Tips" was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original posting.