Key considerations for businesses.
Using a personal device, such as a personal non-work laptop, to carry out work-related activities is known as bringing your own device (BYOD). One of the reasons that a BYOD policy is so essential in the modern workplace is that employees bring their devices to your office whether you have the policy in place or not. In other words, your employees may be using their own laptops and smartphones with or without your permission. Around half of businesses (47%) say that staff in their organisation regularly do this. If you don’t have a policy in place, you’re just increasing security risks from them using insecure apps to transfer crucial data.
We’ve put together guidance on creating an effective and secure BYOD approach:
Create a BYOD policy
Ensure that personally-owned devices can only access the business data that you are willing to share with authorised staff.
Encourage staff agreement
Communicate your BYOD policy through staff training so they understand their responsibilities when using personally-owned devices for work purposes.
Use technical controls
Container applications and technical services such as Mobile Device Management can help you remotely manage personally-owned devices, but they can impact the device’s usability.
Limit the information shared by devices
Staff are used to sharing their information with other users and in the cloud. The automated backup of device data to cloud-based accounts can lead to business data being divulged.
Plan for security incidents
When incidents occur, act quickly to limit losses. Could you remotely wipe sensitive data from a personally-owned device if it was lost or stolen?
Anticipate increased device support
Your services may need to be accessed by different types of devices, so ensure you have the IT support capability and expertise to manage a growing range of devices.
Consider alternative ownership models
Restricted devices may not appeal to some users, so consider giving staff a choice of approved devices that are purchased and controlled by your business.
Understand the legal issues
The legal responsibility for protecting other people’s personal information is with the data controller, not the device owner. It is also worth noting that any device which accesses company or customer data will be under the scope of Cyber Essentials.
If you would like any more information on protecting your business or becoming Cyber Essentials certified, please call our team on 0333 240 1824 (Option 1) or email us at firstname.lastname@example.org.