While tech-giddy employees are prone to fawn over every new iThing smuggled into the workplace – devices that are often used in violation of company policy — IT security pros see something very different: a security breach waiting to happen.
To secure your business against the onslaught of new smartphones and tablets, popping up in the workplace, follow these tips, as suggested by Wisegate, a by-invitation-only, IT social network:
Invite everyone to the policy bake
Businesses will get easier buy-in if everyone to be impacted by your BYOD policy participates in its creation. This includes your resident computer expert, human resources, your attorney and your department heads.
Shop security solutions thoroughly
The good news is that security solutions providers are well aware of the BYOD security threat, and have been busy coming up with solutions. The latest version of BlackBerry Exchange Server, for example, promises to offer security protection for all smartphones.
Other solutions to check out include Good Technology, MobileIron, Excitor DME, Fiberlink’s Maas360, Microsoft Active Sync, IBM Traveler, McAfee EMM, and Soti Mobicontrol.
Tech Outlook: Embrace innovation and join us Sept. 27
Only allow email that resides on the network
Be sure employees can only access – but not physically download – your company’s email with their smartphones and similar devices when they sync with your company server. Under that scenario, if they lose the phone, their email will still be safe and secure on your company mail server.
Define sensitive data to employees
You’d think this would be a no-brainer. But then again, if you don’t define what’s meant by sensitive company data, the first line you’re likely to hear from a hapless employee is, ‘I didn’t know.’
Force password strength on all devices
As a deterrent, security experts recommend passwords of more than 12 characters, which should include a nice mix of letters, numbers and symbols. They also advise businesses to program automatic rejection for less complex passwords.
Get explicit about photos
With cameras on virtually every smartphone, businesses need to clearly define what workers can and can’t photograph. Essentially, you don’t want pretty images on Facebook of products that are in development, company whiteboards, trade-secret work areas and the like.
Decide who owns the phone number
Wrestling over who gets the phone number after a break-up has become very touchy. A key salesperson who takes his/her phone number along to the next job – which may be at a competitor – could steal a good deal of business away from your firm. Ditto for top executives.
Be careful where you wipe
Dealing with lost/misplaced smartphones and other devices may be easier if you buy software that allows you to wipe (erase) business data only, while preserving personnel data. Of course, that approach could create its own headache, since many people mix their personal and business data within the same application, and sometimes even within the same folder or file.
Insist on timely notification of a loss
You’d think that an employee would be smart enough to quickly report a lost smartphone or tablet. But then again, you’d expect that employee not to lose the device in the first place
Encourage employees to vote early, and often
To protect against employees who ‘sign-and-forget’ BYOD agreements, require employees to re-sign such agreements every six months. Such precautions could insulate your firm against, ‘I-forgot-I-signed-that’ laments and lawsuits.
Joe Dysart is an Internet speaker and business consultant based in Manhattan. Voice: (646) 233-4089. Email: [email protected]. Web: www.joedysart.com.