How to Write a Secure BYOD Policy


Welcome to the cloud, we hope you are enjoying the view! Now that you have moved all of your online databases onto the cloud, everyone in the office can easily access important information from wherever they are using a BYOD (Bring Your Own Device) of their choosing. That’s right, you can access your cloud with wild abandon from tablets, smartphones, laptops, desktops; in fact, any internet-capable device qualifies. The only trouble is; the flexibility that jumping on the BYOD bandwagon brings with it can compromise the security of sensitive company information.

BYOD Security Policies are a Must

BYOD policies not only allow your employees to access information when they are out in the field and need it most, they also allow them to use devices of their own choosing. Since BYOD means that employees can use their own devices, your hardware budget no longer needs to be so high.

Centralizing software on the cloud means that employees can all access the programs they need through BYOD without you having to license each copy. Employees are also happier as they are able to use the BYOD hardware that they like best.

With BYOD, employees may be accessing the cloud from unsecured sites and information can be compromised when BYOD hardware is misplaced or stolen. That’s why preparing a BYOD policy is a must. Your BYOD policy must cover all eventualities and set up security protocols that all employees must follow in order to ensure that all your company’s information remains secure.

10 Steps to creating a secure BYOD policy

IT professionals now face a new challenge of creating a BYOD policy that ensures the security of company databases when accessed from a variety of devices. Here’s a step-by-step guide on how to create a comprehensive BYOD policy.

  1. Use what you’ve already got: Take a look at the security policies for web applications that you already have. The policies that pertain to CRM, emails, VPN, portals and remote access should be a good starting point for your new BYOD policy. You need to set up guidelines for use that dictate the way in which users can access and share information on the Internet.
  2. Agree on which devices you are willing to support: Many BYOD devices are not secure enough and you can discuss with your team which devices they can use to access the cloud. Inspect all devices to ensure that they meet the standards you have set and make an inventory of permitted devices.
  3. Educate your users: Your policy will only be effective if your users are following BYOD procedures. Outline the procedures for accessing the cloud very clearly and discuss the consequences of leaked information so that employees understand the gravity of the situation.
  4. Write policies that are clear and easy to understand. Walk each user through the policy guidelines to ensure that they are clear. Get each user sign the BYOD terms prior to gaining access to the cloud.
  5. Make PINs and complex passwords mandatory for BYOD users. Use keyword generation software for users who are not accustomed to creating secure passwords.
  6. Use data encryption: PINs and passwords can be cracked, so ensure that any apps that store data on the BYOD hardware also encrypt that data to for added security.
  7. Stipulate app conventions: Its best to get users to clear apps with you before they download or install them. This policy may meet some resistance from people who are utilizing personal devices.
  8. Provide an accessible help desk: Since users are accessing the cloud from a plethora of devices, its best to have a comprehensive help desk available to offer assistance to employees at all times.
  9. Choose your apps wisely: Not all apps will ensure the security of your information, so investigate each app before adding it to your permitted BYOD apps list.
  10. BYOD management software: Several software packages already exist to help you to keep tabs of the flow of data and also of all the BYOD hardware. If you are new to the game or have a large pool of BYOD users, management software might be the way to go.

Getting a security protocol in place prior to implementing a BYOD policy is essential to ensuring its success. While BYOD might lead to a reduction in the size of your IT department in the long run, don’t be too quick to downsize. Introducing BYOD will initially provide more IT work as each user comes to grips with the new protocols and learns to access information in a secure manner. Having a security policy in place is the best way to ensure that your data and the information that your customers supply is safe and secure.



Subscribe to TrackVia’s Blog