BYOD Security: 5 Risk Prevention Strategies

The BYOD (bring your own device) movement is going strong and shows no signs of disappearing any time soon. But for many businesses that are hesitant to adopt  BYOD, it's not the idea or process of bringing a personal device to work that's preventing them from participating — it's the security risks that BYOD inherently brings to a company.

"The BYOD trend is here to stay, with employers increasingly embracing its benefits, such as lower hardware costs, extended customer access to employees and staff satisfaction," said Gerald Hetrick, chief operations officer at Vox Mobile, an enterprise mobility solutions provider. Industry analyst Gartner also predicts that by 2017, more than half of all employers will require employees to use their own devices for work purposes, he added.

Nonetheless, security is still a top concern for many companies and business owners. "Despite growing acceptance of the BYOD phenomenon, serious security concerns remain, including the possibility of data falling into the wrong hands via lost or stolen devices or lax security practices on the part of the device owner," Hetrick said. [Should You Buy Your Employees iPhones? BYOD Pros and Cons]

To address these concerns, businesses should approach BYOD by creating an enforceable, security-focused strategy. In doing so, they can maximize the benefits of BYOD while minimizing its risks, Hetrick said.

"The key to preventing a security breach is to develop and implement sound policies," he said. To help businesses with their BYOD strategy and reduce BYOD security risks, Hetrick shared the following tips on creating an effective, security-focused BYOD policy.

1. Set standards — Create an acceptable-use policy.

Set standards for users by establishing an acceptable-use policy. Also referred to as a mobile policy, an acceptable use policy outlines BYOD rules and protocols for the entire company. It should entail a stakeholder discussion that covers BYOD rules at the present time and into the future. A committee should also be established to promote and control the policy.

2. Identification — Define and segment users and user groups.

It's critical to identify users, user groups and other categories for BYOD program participants. This way, the BYOD committee and administrators can establish restrictions and allowances — such as applications and content — based on those individuals, groups and types of devices. Doing so also helps the committee evaluate financial implications of the BYOD program, such as rules that govern business expenses in relation to employee devices.

3. Enforcement — Make employees accountable.

Have employees review the BYOD policy and require a signature as acknowledgement of the rules and their required compliance to participate in the program. Training sessions may also be necessary to help employees understand their obligations under the acceptable-use policy. Make sure to also provide employees with the name(s) of who they can contact if they have any questions or need support.

4. Execute — Choose and launch a BYOD platform.  

Thinking ahead is critical. When choosing a mobility platform, the committee should keep in mind in the company's current technology and security needs, as well as anticipate future requirements. It's critical to choose a platform that is agile and scalable enough to not only keep up with user demands and protect corporate assets, but also accommodate emerging technologies as well.

5. Help — Provide support for user-owned devices.

Think BYOD means businesses no longer have to provide tech support to employees who use their own devices? That is one mistake that can lead to security breaches and lower employee job satisfaction. By providing support, businesses can help employees manage devices and access controls, discover potential vulnerabilities and further enforce BYOD policies. Support should cover all stages of BYOD, from device onboarding to provisioning and decommissioning.

Originally published on Business News Daily