Saturday, November 28, 2015

Why Every Company Should Have a BYOD Policy

Bring Your Own Device, or BYOD for short, is the latest work trend that allows employees and employers alike to access company data and email through personal devices such as mobiles, laptops and tablets.

BYOD is frequently adopted by small and big enterprises alike as a way to increase work efficiency and reduce business cost, for enterprise mobility. In fact, lately it has even become a need to stay connected with work on holiday. According to the Randstad Q2 2015 Workmonitor research, one in three (32 per cent) find it hard to let go of work while on a holiday, while as many as 51 per cent of those surveyed said their boss expects them to be contactable.

BYOD has made work inseparable from our personal lives, and in a way has blurred all lines between work and personal usage.

What Happens without a BYOD Policy

Without a BYOD policy in place, employees will think they have the right and freedom to access company data in whichever way they like, especially if they need to after office hours. This means the use of personal devices to send and retrieve emails, download company files and edit documents while accessing personal applications such as games or watching videos at the same time. Such practice could expose a company's confidential data through several online access points, and can be detrimental to the business. Think of the Sony data breach in November 2014, where 100 terabytes of information containing emails between employees and personal data about employees and their families were publicly released in Wikileaks after malware attacked several Sony employees' computers.

Employees are ignorant when it comes to IT technology, and it boils down to constant reminders and cyber security education to keep employees in check of what they are doing on their personal devices. To complicate things even further, every device has its own security settings and configurations.
It is therefore important for owners and IT security managers to check on manufacturers' device security as well as the environment and operating systems that are permitted for employees' access.

Take iOS and Android for instance: both are unique operating systems (OS), yet each has its own vulnerabilities. In some companies, the use of personal devices is restricted to the use of only Apple or vice versa.

The debate on which OS is safer is still ongoing, and ultimately policy making lies in the hands of business owners and consensus within the IT department.

Crafting a BYOD Policy

It doesn't take a rocket scientist to craft a BYOD policy. With some reference and modifications, this can be easily done by anyone. Templates are readily available and can be adjusted to suit a company's preference. BYOD policies often include:

(1) Acceptable Use
This summarises what can and cannot be used when accessing company online access points, as well as restrictions and limitations.

(2) Devices and Support
The device models that are permitted and have been checked by the IT department.

(3) Reimbursement
The full cost or percentage of cost that the company will reimburse for purchasing a new device.

(4) Security
The environment in which the device can be used, which includes strong passwords and non-usage of rooted or jailbroken devices.

(5) Risks and Liabilities
To agree that using personal devices for work comes with risk, and that the employee recognises the risks and assumes full responsibility.

IT Manager Daily has come up with a neat template that is worth looking at, and if you are looking to get started on your first BYOD policy, this could be it.

No Escape for Small Businesses

While large organisations place more emphasis on BYOD policies, this should apply similarly to small businesses, especially since policies and cyber security are likely to be neglected there, and where BYOD is often used.
As said, a BYOD policy is not complex and can be crafted by almost anyone, so there shouldn't be any excuse why small businesses cannot have one. For best practice, we recommend this policy be integrated with the employees' hiring manual from the start to avoid misuse and mishandling of company and customers' data.

For more articles on cyber security in Asia, visit http://www.cybersecureasia.com
