Bring Your Own Device (BYOD) Guidelines For Medium to Large Sized Organisations.

Introduction 

Businesses often contain sensitive and confidential data gathered from associated clients, employees, managers and the company director, hence remain under threat from cyber criminals seeking to conduct data breaches and ransomwares. 

Additionally, in recent times during and post COVID-19 recovery, the workplace has become more flexible regarding the authorization of staff being permitted to conduct work related matters using their personal devices.  

This article aims to highlight some of the considerations a medium to large organisation should take prior to deciding to allow their employees to use their personal devices for work. Challenges that arise from ‘Bring Your Own Device’ (BYOD) and mitigation suggestions will also be outlined in this article.   

Outlining the concept BYOD 

BYOD is the practice that enables employees to bring and use their own personal devices for work related matters. Whilst the organisation owns the data and resources that is being accessed or stored onto the employee’s device, the device itself belongs to the employee. 

Why BYOD is permitted by some organisations  

BYOD has become an increasingly permitted practice in the workplace due to a number of reasons: 

• Employees are able to use their own devices and in turn, this improves employee satisfaction leading to increased employee production (as employees tend to understand their devices better than organisation’s devices). 
• Reduced costs regarding procurement and provisioning of corporate devices.  
• Enable increased flexibility and remote working. 
• Employees can still work in the case of central IT in the organisation shutting down. 
• IT staff employed by the organisations have more time to focus their attention on more underlying serious threats faced by the organisation.  

Challenges that stem from BYOD 

Security challenges that arise from permitting BYOD include the following: 

• Ensuring the compliance of the device owner regarding company policies and procedures. 
• Increased assistance for various devices and operating systems.  
• Protection of important assets and data belonging to the company. 
• Protection of the business infrastructure. 
• Helping to protect the personal privacy of the device owner. 
• Ensuring legal compliance.  

The security concerns that arise from BYOD should not be underestimated as if these concerns are unaddressed, a company can face serious consequences in terms of legality, cost, reputation and more. With effective technical controls established and enforcement of company policy however, risks associated with BYOD can be minimalised. 

Examples of effective technical controls  

In addition to requiring employees who work remote or use their own devices undergo cybersecurity awareness training courses, enforcing some of these suggested technical controls (depending on your organisation) will vastly aid in ensuring the security of your company’s assets.   

Typically, remote workers use their own devices to complete their work and therefore, these listed examples are more relevant to remote desktop situations: 

• Only allow access to corporate resources to employees who require it through Role Based Access Control (RBAC). Disable access at all other times.  
• Restrict access from out of date systems. 
• Enforce strong authentication (multi-factor authentication as a minimum for example) to allow access to company recourses. 
• Some authentication providers relay information including geographic location and device compliance. You as a business leader can block or allow access or request for further assistance.  
• Prevent multiple user access as enabling single session usage will help to detect suspicious activity.  
• Disconnect and lock sessions after time limit expiry. 
• Prevent screen recording and screen capture.  
• Disallow printing services  
• Limit sharing or removal of data outside of the remote network. 
• Make sure that users cannot install software into your company’s network or use the network to install software. 
• Encrypt data in transmission.  

These are just a small number of suggestions you can enforce to help secure your company in a BYOD situation however, in reality there are far more practices your company can take to improve the security of your company.  

More technical tips can be found here or likewise, contact Securiwiser, a cybersecurity consultation firm for further cybersecurity assessment services and more.  

Why choose Securiwiser? 

We aim to provide our clients advice concerning implementation of various specific cyber security methods, some of which will be more suitable than others depending on the business type to help ensure the cyber health of our client’s system.  

We advise our clients (whether they are individual users or business owners) regarding various cyber threats that their businesses and operating systems may face. This includes increasing trends of certain threats and prevention methods that are cost effective and time saving.   

Furthermore, business owners, employees and the general users may forget to conduct regular scans to monitor the health of their operating system, which criminals can take advantage of to gain unauthorised access by exploiting unrecognised, underlying vulnerabilities.  

Securiwiser can conduct regular scans for your system and provide a detailed cybersecurity risk assessment and a cybersecurity vulnerability assessment. We can further explain detected vulnerabilities and risks in detail to our clients and provide the best course of action that will save your business time and money.