
3 BYOD Risk Prevention Strategies

An effective BYOD plan must balance control with convenience. Here's what to keep in mind.

Managers often believe a bring-your-own-device (BYOD) strategy is a silver bullet for solving mobile communication problems within their organization. Thoughts of "I don't need to purchase hardware for employees" or "Workers are more productive with their own device" can mask the challenges that often accompany BYOD programs. Today's business environment is becoming a target for data breaches and various security risks, so organizations cannot afford to overlook security when developing a BYOD strategy.

However, there's a fine balance when implementing BYOD security regulations -- you don't want to be so overzealous about security that employees' work is hindered. Done right, BYOD can reduce technology expenses while increasing end users' productivity and improving office morale. An optimal enterprise mobility strategy provides comprehensive device security without impeding employees' pace of work.

For example, many companies have traditionally forced users to connect with a VPN before accessing company resources. On mobile devices, that process is a real pain. It's also not practical -- since most users switch between work and personal tasks, it actually discourages users from staying connected and productive. Companies can implement in-app VPNs and Micro VPNs, which automatically connect specific apps to the corporate network without requiring users to make that connection manually. Companies can also distribute secure browsers that let users follow internal links and connect automatically to intranet sites or web application servers without manually launching and connecting with a VPN.


Without a well-designed and unified device management strategy in place, companies risk exposing their most sensitive data to outside sources -- and even competitors -- while stunting employee innovation. Here are three ways to create a plan that maximizes the benefits of BYOD while mitigating the threats.

1. Be transparent with employees.
Attempting to hide unflattering aspects of a BYOD plan can backfire if employees discover them. Being truthful about employee privacy rights and enterprise mobility management (EMM) components fosters a sense of trust between decision makers and their corporate team. We see this often with companies we work with: They explain that the technology is designed to protect and secure, but that it may collect employees' personal location information and personal apps. Be clear that you're not trying to play Big Brother, and that there are privacy filters installed to restrict access to most personally identifiable information (PII).

Building BYOD trust works both ways. CIOs and company leaders should feel confident that their employees are responsibly embracing the freedom of enterprise mobility -- and if at any point the leadership team feels that workers are not handling company data securely, they have the option to implement stricter BYOD controls.

Additionally, BYOD deployment should complement employee training. It's a growing trend for companies to teach employees what is and is not acceptable, and which apps require caution. For example, no employee should forward a corporate document to a personal mail account or take photos of meeting notes if the phone is set to upload all pics to the web and social platforms.

2. Maximize protection of employee devices.
Flexibility is a must for all BYOD plans, so that IT professionals can maintain control over sensitive data stored on employees' mobile devices. Real-time monitoring and remote wipe capabilities are some of the EMM features IT leaders can leverage to identify security threats quickly and respond to them effectively.

Healthcare and financial services firms traditionally have the highest security standards, but companies across all industries are increasing their adoption of container-based solutions. Popular policies include restricting copying and pasting of sensitive information from mail, calendaring, and contacts to non-approved applications. This ensures that users cannot send or save important information -- whether intentionally or by mistake. The sandboxing of corporate and personal data can help ensure appropriate levels of security are in place.

3. Monitor corporate information consistently.
If a security breach occurs, it is important for IT teams to respond quickly and effectively. Companies often set up automated alerts to notify them in near real-time when a device has been jailbroken or is outside its predetermined "geo" fence, when a blacklisted application has been installed, or when a user has reached his or her data limit. Such real-time monitoring capability allows IT teams to identify security violations quickly.

Incorporating these elements within a holistic device management program can help companies be more proactive about enterprise mobility. Prepare and engage employees for BYOD by developing a solution that helps manage all employee devices. The result will be more efficient work processes and minimal security risks.
