8 Tips for Implementing BYOD
Don’t have an in-house IT department? No problem. Your small business can still benefit from having employees bring their own devices to work.
By joining the bring-your-own device — or BYOD — trend, you can boost productivity and save your business money. Meanwhile, you can mitigate the data-security risks by implementing the following best practices.
1. Require mobile security software. You can’t control how your employees use their own smartphones, but you can require that they install mobile security software. Providing the software is a good idea for consistency and monitoring. Choose mobile security software with anti-theft features, such as the ability to wipe out data remotely.
2. Mandate the use of strong passwords. Require your employees to lock their smartphones, tablets, and laptops using strong passwords. These should include uppercase and lowercase letters, numerals, and special characters, never using a "dictionary word" or other common word in the password. A strong password helps to prevent thieves from accessing your company’s information if a device is lost or stolen.
3. Install location-tracking software – Location tracking is also important if a device is lost or stolen. This GPS-based tool allows you to quickly pinpoint the device’s whereabouts and increases the odds of recovery.
4. Educate employees on security risks. Requiring training before employees are permitted to use their devices for work ensures that they have adequate knowledge of mobile-security risks and best practices. This reduces the likelihood of a devastating breach enabled by a careless mistake.
5. Implement strict policies. Sixty percent of businesses don’t have a standard BYOD policy in place, which leads to confusion and a whole host of security concerns. Set strict guidelines, such as prohibiting the use of certain types of apps and websites while connected to the company’s network.
6. Use sandboxing. Sandboxing is when an application is run in isolation, so it can't affect or be affected by any other applications on the device, preventing data leakage and the spread of malware. The good news is both Apple and Android devices have some sandbox capabilities inherently built in, so often all you need to do is pay attention the application's requested permissions during installation.
Still, there's a lot of discussion about the need for stand-alone sandbox applications, but there aren't many on the market. However, some mobile security programs have built-in or add-on sandbox capabilities, such as Fixmo SafeZone (free 30-day trial, contact for a quote) and avast! (free). These apps vary in the specifics of how they work, sometimes requiring users to specify which apps to run in the sandbox, while others take a universal sandboxing approach for maximum security.
7. Consider VDI. Virtual desktop infrastructure allows employees to access their office-based computers and software programs remotely. Using this method, no company data is stored on the employee’s personal device, eliminating many of the security concerns associated with BYOD. VDI can often be run in the sandbox, adding another layer of security. However, not all apps are compatible with VDI. There are several VDI tools available, including:
- Microsoft VDI ($501 for Essentials edition, up to 25 user accounts)
- Citrix XenDesktop (contact for quote)
- TeamViewer (free)
8. Set user types and access controls. If VDI isn’t feasible, another option is to create two distinct user profiles — one for work and one for personal use — on the device, a tactic called containerization. When the user logs in with a personal profile, access to company data is blocked. This prevents unauthorized apps from accessing sensitive company information.
BlackBerry devices equipped with BlackBerry Balance have this capability built-in, as does the Samsung KNOX. Like sandboxing, tools for using containerization on other devices are just now emerging, such as: