Bring Your Own Device (BYOD) policies are here to stay. In part one of our BYOD management article, we detailed how to assess the needs of your staff, think ahead, and restrict access. In part two of our two-part article, we'll explore how to write and implement a good BYOD policy.
Have A Strong Security Policy
For employees to fully understand the responsibility they hold in helping the company stay secure, you'll need to impress upon them the importance of taking precaution by writing a policy that clearly defines the rules of acceptable use. Your BYOD policy should highlight the risks of sharing, transmitting, or storing company data by clearly delineating the difference between employees’ work and personal lives. Create clear cut rules surrounding the use of work-related calendar apps, contact lists, and email accounts for personal use and vice versa.
You should also require a respected antivirus program on all devices as well as complex, lengthy alphanumeric passwords for every account used. Also, clearly define the expected inactivity period for auto device-lock and make sure your employees are utilizing this feature.
Offering annual training can also help employees understand their role in minimizing exposure to cybersecurity threats and clear up any confusion. Finally, implementing a vetting process for new devices to pass through before they are accepted into your system is a must, so you can be sure that all precautions have been taken.
It's only a matter of time before a mobile device is lost or a popular app is compromised. At the end of the day, your policy should give you the confidence that any damage will be minimized.
Design an Effective Service Policy
Upkeep will also play a large part in your ability to stay ahead of potential threats. As a starting point, you'll want to mandate regular updates for your software and security. But the more important aspect of a good service policy is defining what level of support employees will receive when devices are broken, stolen, or lost. Will you provide them replacement devices? What about loaners in the interim while their devices are repaired or reconfigured? You'll want to create protocol around the reporting of lost or stolen devices and data, and clearly define who is responsible for replacing them. Consider the effect that delays in replacement can cause and outline acceptable timeframes for replacement. Make sure that your staff feels safe in reporting incidents without worrying about recriminations so that you stay in the loop at all times.
Plan an Employee Exit Strategy
Lastly, remember that employees come and go, and it's essential to have a strategy for removing access tokens, data, and sensitive information from their personal devices when they do. Decide whether you will require a wipe of their devices upon exiting the company and if you want to add legal implications should they decline to permit it. In the case of an exit where you are unable to access the device physically, a remote wipe feature may be an option you want to consider implementing as well.
If you are looking for expert advice on how to build strong and effective BYOD policy from the ground up, consider utilizing the services of a managed service provider like Uprite Services. We can provide you with expert IT professionals that can help make sound decisions about how to balance keeping your employees happy while keeping your eye on the ball security-wise. Contact Uprite now.