BYOD 2.0: Security Best Practices

By Logan Healy
Client Support Engineer
Trivalent Group, Inc.

Sure, bring your own device (BYOD) is a great idea that has been implemented in most businesses at this point. It’s a fantastic idea that promotes positive morale and increased workload around the office. But what exactly are some reasons not to adopt BYOD? And what changes can an organization make to secure the BYOD environment?

Employees use their BYOD-style device every day in most cases. I know that I use my Galaxy S6 daily for emails, accessing files from my Dropbox or OneDrive, and even a quick Google search when I need it. The upside to mobile BYOD devices is convenience: they give us easy access to the data we need, when we need it.

In most employees’ cases, their email is always logged in and they are free to search past emails, send new emails, pull up important company attachments, etc. Not only that, but most other applications are also set by default to always be signed in and accessible. This is what makes apps so great: ease of access.

This ease of access is also what makes these devices so vulnerable, however. To put it simply, if an unwanted person gets access to the device, then they also have access to all the company applications associated with it. Think about what damage could be done to an organization if the wrong person had access to an employee’s device with corporate email, servers, and sensitive saved documents exposed.

So, what can IT do to toughen up security for these unmanaged BYOD devices? The first and most obvious step is to enforce device passcodes. The BYOD policy should require every user to set a passcode on their BYOD device if company data is being accessed from it. However, there are ways around passcodes, so this shouldn’t be the only change.

In addition to passcodes, users should be required to log out of all applications with access to company data when not using them. This may seem like a long shot, but it is possible, with applications such as Dropbox, OneDrive, and email apps, to require a password each time the application is accessed.

Lastly, I want to mention a great feature that comes with Microsoft Office 365 environments. The ability to remote wipe a device linked with your organization via Office 365 is the most vital feature for securing BYOD devices. For example, if such a phone is stolen or lost and is unrecoverable, and it holds company data that must not be seen by anyone outside of the organization, then there is the option to remote wipe the device. This means that, assuming the device was linked with an Office 365 domain, an administrator could remote wipe the entire device, and contacts, photos, saved files, applications, etc. would be removed.

Bring your own device clearly has positives and some drawbacks, but there are ways to implement policies and application settings to prevent some of those drawbacks. Take these ideas into account when trying to implement or change security measures throughout an organization.