Companies experiencing an influx of workers bringing their own mobile devices to work are suddenly finding themselves in the middle of a rather complex management challenge.
Workers love Bring-Your-Own-Device policies because they open up plenty of opportunities for increased productivity, while allowing them to use the devices they're most familiar with. At the same time, it introduces significant security challenges, as well as the problem of ensuring that BYOD is being used for work, rather than procrastination.
However, there's another issue underlying this: As far as anyone can tell, how a given company's employees may be using BYOD will vary wildly between businesses. So, there aren't (yet, at least) universal "best practices" in the policy. It really just depends on what the situation looks like within your own business.
Smart BYOD policies, therefore, will be based in informed knowledge of how your own employees are utilizing BYOD, and how you can support appropriate business uses while still guaranteeing security.
Communication Forms The Basis Of a Smart BYOD Security Strategy
1 - Start with the raw data.
Your server logs don't lie, at least not unless someone is doing something very underhanded. These will tell you what devices are being used on your network, and what websites they're accessing. This gives you a good baseline to start assessing your BYOD strategies.
If your workers are primarily using business-related websites, then you're off to a good start. If most of the time is being spent on YouTube and Reddit, well, then you know where your conversation needs to begin.
2 - Survey your employees.
We'd strongly recommend making a standardized survey to pass among your employees, and encourage everyone to participate. Some of the questions you'd want to ask might be:
-
Do you use a portable/mobile device like a smartphone or tablet at work?
-
How often do you use your mobile device at work?
-
Do you use your mobile device, or your desktop, more often when doing work?
-
What websites do you use for business purposes?
-
What security measures do you deploy on your mobile device?
To increase employee participation, we suggest making the survey anonymous, such as by using a free service like SurveyMonkey.
Obviously, this should not be used for any punitive measures. (Or else your employees won't be honest with you in the future.)
3 - Have one-on-one meetings with division heads.
Once your employees are surveyed, meet with your departmental and division heads and see how the survey results match up with their real-life experiences. With their position of increased oversight, how do they see BYOD affecting their workers? And what policies do they think would produce the best results for their departments?
With the raw server data, your employees' comments, and reinforcement from the division heads, you should have a very good grasp on where BYOD currently stands in your workplace.
4 - Identify sites that should be prohibited.
This goes beyond the obvious time-wasting sites and other non-productive use. The biggest security threats from BYOD usage generally come from consumer-grade Cloud services. DropBox, for example, is a widely popular free Cloud storage system - but whenever a worker puts your company data in a DropBox, it's outside your security control and easily compromised.
In fact, according to recent studies, it's likely one-third or more of your employees are using such a Cloud system as part of their work.
Basically, if your employees are uploading work data anywhere you can't control or don't trust, that needs to be stopped.
5 - Start crafting alternatives.
If your workers are using your new policies productively, don't take it away from them. Use the insights you've gained to set up Unified Communication systems and Cloud-based storage you can control, while giving them the functionality they want.
And if you'd like more advice on which virtualized systems are best for your business, please don't hesitate to ask for suggestions, advice, or a free consultation!
See how Meraki Mobile Device Management helps with BYOD security.