Week 5: Balancing Risks and User Experience - Bring Your Own Device Policies
With the rise of mobile devices in the workplace, many businesses are transitioning from an issued-device ("here's your device" or "choose your device") model to one that centers on users bringing their own devices: BYOD, or "bring your own device." This model brings many advantages and is a great example of an information technology policy centered on user experience, but there are important security considerations to keep in mind when integrating these devices into the company IT environment.
First, it's critical to communicate clear security policies which will help your users understand what they are agreeing to when they bring their device to work. These policies should govern use of company information, approved uses of the device while connected to company resources, required security measures, user reporting responsibilities, and company authority over device contents in the event of loss, theft, or end of employment. It is especially important to establish clear lines between personal and work use of the employee's device, because users may not understand the importance of protecting company information and might not think to protect their personal device as a company asset.
Another important step is to consider using mobile device management software on employee-furnished devices. This technology enables IT managers to remotely enforce security policy on a diverse set of mobile devices and helps make sure users' devices are updated without requiring constant IT attention. Some solutions also allow IT to segregate company data from users' personal data and remotely wipe that data if the device is lost or stolen, or if the employee leaves the company.
Finally, security specialists must educate their users on the risks that come with using mobile devices. As the 2019 Verizon Data Breach Investigations Report points out, a large and growing segment of data breaches involves user error. If you educate your users, you can make them less prone to making these errors and more likely to notify you if they do, so you can contain the damage.