9 Requirements of a Strong BYOD Policy

Filed under News, Tech News | Jun 5, 2014

Out of the quarter of US workers required to use personal devices at work, only 15% have signed a BYOD agreement with their employer.

A recent study by Gartner Security revealed that 59% of employees who use their personal devices at work have not signed any formal agreement with their company.

With more than a quarter of US workers using their own technology at work, company information is regularly flowing through unsecured and unregistered devices.

“The threat of cyber attacks on mobile devices is increasing and can result in data loss, security breaches and compliance/regulatory violations,” said Meike Escherich, principal research analyst at Gartner.

A recent white paper released by CRN, which offers BYOD security recommendations for businesses, investigated the rising threats against mobile devices:

Mobile devices are facing unprecedented levels and varieties of attacks. The latest F-Secure mobile threat report showed that Android is a particularly hot target for malware, with 79 percent of all mobile threats attacking the world’s most popular OS.

BYOD (Bring Your Own Device) has many benefits, including saving money for a company and increasing convenience for employees. It’s also the undeniable wave of the future for business operations in many fields. But these benefits are largely undermined by the security threats posed by unregulated devices.

The risk of security breaches, combined with liability and personal privacy, raises serious concerns for employers, but the good news is that companies can eliminate many of these threats simply by implementing and enforcing a strong BYOD policy.

In an article for the Business2Community blog, attorney Tricia Meyer highlights nine key components that make a strong BYOD policy:

  1. Level of Control. It is crucial that your company maintain control over who has access to its network and data. It’s recommended that companies set up procedures and policies related to monitoring employee devices, including the option for your company to preserve all data on an employee’s device. It’s also important to set clear restrictions regarding employee use of mobile devices.
  2. Ownership & Disclaimer. Your BYOD policy should address who owns the data stored on the device and what can be done with the data. For instance, if the data belongs to the company, the company generally requires that it have the ability to delete the data from the device. The policy should also remind employees to back up their personal data. It’s important to clarify that your company is not responsible for personal data loss.
  3. Expectation to Privacy. Your company’s policy should disclose the extent to which the employer will have access to employees’ personal data and emphasize that your company cannot guarantee employee privacy for those who opt to BYOD. Your company should retain access to employees’ devices in order to review activity and ensure compliance with company policies.
  4. Lost or Stolen Device. What happens if the device goes missing? To prevent unauthorized access, your BYOD policy should set forth a procedure for a lost or stolen device, including a requirement for the employee to notify the company immediately. The company should have the ability to remotely wipe all data from the device.
  5. Cost. Allowing employees to use authorized devices for work purposes outside of regular work hours may trigger wage claims. Your policy should set forth expectations regarding after-hours use. This will include whether non-exempt employees are allowed to use or prohibited from using the device for work outside of work hours.
  6. Compliance with Laws. Some businesses are subject to legal requirements regarding storage and access of personal information. For example, the Health Insurance Portability and Accountability Act (HIPAA) requires native encryption on devices that hold data subject to the act. Depending on your industry, these restrictions may need to be addressed. Your BYOD policy should also address general compliance with laws and prohibit the use of the device for discrimination or harassment.
  7. Confidentiality. Your policy should reiterate that employees must abide by all company policies related to company, client and vendor information, as well as prohibit storing information from prior employers on their device.
  8. Employee Consent. It’s recommended that employees agree to the terms and conditions of the BYOD policy in writing.
  9. Employee Termination. Your policy should set forth procedures regarding BYOD devices in the case of the resignation or termination of an employee.

Personal devices are quickly becoming primary tools in the workplace. Gartner estimates that by 2017 more than half of employers will require workers to provide their own device at work. A strong policy is the best way to ensure that organizations benefit from the advantages offered by BYOD without risking security.

 


 
