BYOD, or Bring Your Own Device, is taking the business world by storm.
Organizations are looking for ways to save money and, at the same time, possibly boost user morale. What better way to do this than to let users bring their iPad, Kindle Fire, Windows 8 RT, or laptop to work, plug it into the network, and start working? Meanwhile, confidential files are being stored on the device, and little does the business know that these personal devices have a little rootkit installed that captures every keystroke and sends it to a remote server, which stores all of this information. Doesn’t that sound like a great idea?
I am not saying, “Don’t do it!” But I am saying that it needs to be thought through before you allow any device to connect to your network. Some questions to ask: Are there compliance or regulatory concerns? What about the legal factor? What if you need to access an employee’s device and perform forensics on it? What if the employee is terminated and you use a tool to wipe any and all company-owned data from the device, but you accidentally delete all of the pictures of the employee’s three children? Those photos were the only copies, and now 3 years of cherished photos are gone. How do you protect yourself?
Important steps to take when embarking on BYOD:
- Implement infrastructure that will secure the data on devices you do not control.
- Invite Human Resources to join in on the discussion.
- Maintain compliance with regulations/industry standards.
- Prepare your staff to support these systems.
- Be able to monitor for compliance with the BYOD policy and guidelines you establish.
- Do not allow employees to store company data on their device.
- Utilize a virtual desktop in order to access company data.
- Ensure a defensible legal position with risk and security in case issues arise.