Employers need to consider key security aspects when allowing employees to bring their own devices to work following updated guidance from the government’s National Technical Authority for Information Assurance.
The government has updated its bring-your-own-device (BYOD) guidance for employers following a rapid increase in the use of mobile devices and the growth of remote and flexible-working arrangements for staff that use their own laptops, phones and tablets for business purposes.
The guidance describes the key security aspects for employers to consider in order to maximise the benefits of the BYOD approach, while minimising risk.
These key security aspects include:
- Creating effective BYOD policy to ensure devices are only able to access business data they are willing to share with staff.
- Limiting the information shared by devices.
- Considering using technical controls.
- Planning for security incidents to limit loss.
- Consider alternative ownership models.
- Encourage staff agreement.
- Understand legal issues.
- Anticipate increased device support.
The guidance applies to any type of BYOD software product running on a personally owned device, including: container applications on personally owned smartphones, bootable USB media on home PCs and remote desktop or remote application products.
Ali Moinuddin, chief marketing officer at Workshare, said: ”It’s welcoming to see that the government is addressing the rise in the use of mobile devices and the growth of remote and flexible working with its updated BYOD guidance.
”Employees will generally use whatever allows them to do their work easily especially if this demand is placed on them by their clients, even if that means using an unsecure way to work then some will take that route. However, it’s important to realise that these unsecure applications pose an equal, if not greater, risk to business critical and personal data.
”Due to technological advances in the workplace today, employees no longer need to be restricted to their desk in order to get their work done and are often more productive if they are enabled to work remotely or outside the office.
”Whether IT holds the role of the police or the enabler, [it is] at the end of the day, the ‘custodian of corporate data’ or ‘data guardian’ and is expected by a business to prevent/resolve a data leakage or security breach should one occur.
“The bottom line is that any applications used on BYOD need to have the security and control that the IT department requires.”