Big CyberSecurity Risks
Though there are big benefits to having a BYOD program, including boosting employee productivity and morale, as well as possible cost savings, security risks are a critical concern.
Overworked professionals are trying to boost productivity any way they can, leading 67% of employees to access company data on their mobile devices. And businesses equally hungry for efficiency are responding with bring-your-own-device (BYOD) programs.
Some FUN Statistics
The following statistics came from the article “41 Stunning BYOD Stats and Facts to know in 2020”.
• 67% of employees use personal devices at work
• BYOD generates $350 of value each year per employee
• A BYOD-carrying employee works an extra two hours
• 87% of businesses are dependent on their employees’ ability to access mobile business apps from their smartphones
• 69% of IT decision-makers in the U.S. say BYOD is a good thing
• BYOD market size is expected to reach $366.95 billion by 2022
• 59% of organizations adopt BYOD
Step 1: Appoint a Core Team
Appoint a small, dedicated team to take charge of evaluating your current BYOD state, devising effective goals and developing a strategy to achieve them while enabling a competitive advantage for the organization. This team should include members from your Information Technology Department and the business units who can remain impartial, but have a vested interest in a viable strategy. Consider additional participation from your human resources and legal departments, and possibly outside consulting firms that have a broader perspective of the industry and can facilitate your objectives.
Step 2: Define and Align Your BYOD Goals
To create a viable strategy, BYOD objectives should be defined with a clear understanding of how they align with the organization’s overall strategic goals. A BYOD strategy can only be successful if its goals are tied to business objectives. Your BYOD goals should reflect a balance of enablement, empowerment, security and governance for your organization.
Step 3: Understand How BYOD is Used Today
Once your overall BYOD goals are determined, the team should gain perspective from members of the various business units, including sales, C-level executives, human resources, and other key departments to determine which personal devices, applications, and personal cloud services are in use today, how they are used, how tech-savvy the users are, and how employees feel these tools enhance their effectiveness and productivity. It’s important to take a positive tone during these discussions, so that users don’t feel threatened with the loss of their rights or tools.
Step 4: Understand Your Security and Compliance Posture
Establish an understanding of your organization’s risk threshold by conducting a vulnerability assessment (also known as a risk assessment) and evaluating security and compliance requirements. Assess the impact of your current BYOD situation on those requirements. As a baseline for how devices such as smartphones and tablets are being controlled, consider how the organization deals with remote access from personal computers or laptops.
Step 5: Start Building a Strategy
Use the goals you’ve devised and the knowledge you’ve gathered to start building a BYOD strategy. Any IT strategy has to include policy, processes and resources. Policies set expectations by outlining rules and requirements and identifying how they will be enforced. Processes are activities and tasks that are applied to meet the expectations, and to facilitate the achievement of goals and objectives. Resources—including people, technology solutions and money—are applied to enable the effectiveness of the processes that in turn meet the expectations.
Step 6: Devise a Policy
A strong policy clearly indicates which departments and roles may be empowered with BYOD, in accordance with your goals. Which devices, applications, and level of network and data access are permitted for each? What constitutes acceptable and unacceptable mobile device use? It should define password requirements and determine the steps employees should take to back up and update their devices, and steps to follow in the event of a lost, stolen, or hacked device. It should indicate who can connect devices to the corporate network, how they can be connected and authenticated, what data can and cannot be accessed, which applications are permitted, and the types of data that can be stored on mobile devices. The exception process and penalties for noncompliance should also be addressed.
Step 7: Establish Processes
Mature processes will enable the organization to be productive. These processes can aid in connecting different departments of the organization. For example, IT should be notified when Human Resources hires a new employee so that the employee’s mobile device can be enabled. Processes should be developed to implement and enforce policies. Make sure you include processes for provisioning devices and for deprovisioning them when employees leave the company.
Step 8: Acquire and Deploy Resources
The resource component of a BYOD strategy consists of IT tools and the people who deploy and use them. Certain enterprise BYOD tools can help protect your network and data from vulnerabilities presented by mobile devices. The technologies that are right for your organization depend on your goals and objectives. It is best not to focus on the features and functionality of a specific technology, but rather on how its capabilities can help you gain a competitive advantage in the marketplace. Many companies find it beneficial to leverage a vendor-independent technology partner to test various solutions and find the right fit for their organization.
Identifying the right people to facilitate your strategy is as important as selecting the technology. As the BYOD program is implemented, additional roles may need to be created. Some organizations advocate the creation of a chief mobility officer role to oversee their mobility efforts. At the very least, additional training will need to be developed to inform various parts of the organization about the impact of mobility.
Step 9: Educate
No matter how much you try to educate your users about policies and processes, you can only be successful if you achieve buy-in. Policies and processes cannot be effective unless employees understand the reasoning behind them. BYOD education should start immediately when users begin work for your organization and continue with periodic refreshers. BYOD courses can be held online or in person. One way to help users understand the importance of BYOD policy is to highlight the publicized intrusion and data theft incidents of other organizations resulting from mobile device use. Focus the education on protecting not only the company, but also the employees’ personal information and livelihood.
Step 10: Revisit Your Strategy
The BYOD landscape—consisting of devices, software and cloud services—is a fast-moving target. Your core team should continually revisit your BYOD strategy. It is important to conduct regular vulnerability assessments and review your policies, processes, resource tools, and education to ensure that they are still effective. This should be done at least once a year; depending on the dynamics of the organization, once every three months may be a more appropriate time frame. Breaches or outages related to mobile technology may necessitate an ad hoc reexamination of your BYOD strategy.
navitend can help you. Call 973.448.0070 or set up an appointment today.