The IT Director’s Role in BYOD Security
We used to think of IT Directors as an independent part of an organization, operating in their own little world and fixing problems as they arise. Today, they are a key component of the strategic development and decision-making of the business. In this more modern IT world, some of those strategic decisions include the company’s BYOD security policies.
Developing a Security Policy
Threats like viruses, unsecured devices and theft all put private corporate data at risk. In order to prevent the unauthorized access of this information, an IT Director should implement a security policy that is monitored and enforced throughout the organization. This policy should include:
- Corporate Data Protection Policy: Employees should keep all company data separate from their personal data. Additionally, all business data should be encrypted so an unauthorized user cannot access the company data in a readable form.
- Restrictions for the Use of Compromised Devices: Mobile devices that have been “jailbroken” or “rooted” should not be permitted for company use. Additionally, all approved devices should have a screen-lock password.
- Mobile Security Management Best Practices: Using a security management suite like Mitel Sky prevents unauthorized users from gaining access to your company data without enrolling first.
- Offline Accessibility Controls: For companies with high levels of security, sensitive documents and applications should be blocked from mobile accessibility. These documents should only be available if the user is directly connected to the corporate network.
Generating Executive Buy-in for BYOD Systems
An IT Director looking for executive approval should identify the many benefits of BYOD:
- Employee Satisfaction: Employees who are able to use their own devices are shown to be more satisfied than those required to use company-mandated devices. Additionally, the convenience provides workers with flexibility as they can work from virtually anywhere.
- Increased Productivity: Workers who are using their devices for personal use are also more likely to respond faster to work-related matters due to the convenience of using the same device.
- Cost Savings: Utilizing personal devices eliminates a number of company costs. Investment in hardware, repairs and connectivity is transferred from the company to the employee.
Without a doubt, in addition to understanding the benefits of this transition, executives also need to be aware of the risks from a legal, security and privacy standpoint. The IT Director should identify and provide strategic suggestions as to how the security policy will protect them from these risks.
Dispelling Security Myths
Myth #1: User Privacy is Compromised
A security management suite will protect the company data, but it will not track the users’ activity on the device, allowing a worker to freely use the device for personal use without the fear of all their activity being tracked.
Myth #2: Malware is the Biggest Risk
According to a study by the LinkedIn Information Security Community, data loss is a bigger priority for organizations than malware (75% versus 47%). A stolen device consistently ranks as the top mobile security concern.
Myth #3: Not Implementing BYOD is the best form of data security
IT Directors should reference that 28% of company data is accessible through mobile devices and can be accessed by about 50,000 productivity applications whether they are mobile-enabled or not.
Because of BYOD, an IT Director is no longer required to keep up with changes to every new platform. As for disaster recovery, if the employees are working from mobile devices, the IT department is no longer required to manage the personal device, which also reduces costs.