Bring your own device (BYOD) has the benefit of allowing businesses to cut costs on providing devices to employees, but it also creates a number of security issues. This is an especially important factor to consider for government agencies, which often handle very sensitive data but may not have a focused, detailed policy for employees to follow. Employees aren’t necessarily creating security holes on purpose, but agencies should still have a firm policy in place — or make the decision not to allow employees to bring their own devices at all.
Implementing a BYOD Program
If the decision is made to implement a BYOD program, there are a few basics to keep in mind:
- Create clear policies that outline exactly how employees are allowed to use their devices for work-related data like email and documents
- Only allow approved application stores, and ensure that employees know they cannot root or jailbreak their devices
- Use software that allows for work data to be kept separate from personal data and ensures the work data can be easily removed
BYOD and Security
Both potential security problems and their solutions must be spelled out clearly in a BYOD policy. This is especially important for government agencies that need to strike a balance between keeping data safe and avoiding infringement on employee rights. The solutions can involve:
- Containerization
- Connection via a secure third party
- Lockout codes
- Ensuring employees are up to date with security patches
Agencies should also keep in mind what sort of data they handle, including personal data like SSNs and data critical for infrastructure such as power grids. If the data is too sensitive, or could cause massive problems if it leaked, then it may not make sense to implement a BYOD policy at all.
Deciding Against a BYOD Policy
Even if the agency decides against allowing employees to bring their own devices, it should still ensure that all employees are aware of the restriction. Clarity is key to helping protect sensitive data; employees may not mean any harm by using their personal cell phone to check their email or look at a document, but the chance of a security breach is lessened if they know that they’re not allowed to do so.
Mobility is an ever-growing and ever-changing field. In order to keep up with the evolution of BYOD, agencies and businesses should be aware of where their sensitive data is and what it’s being used for. A policy that outlines exactly what is and isn’t allowed will keep all devices, whether personal or business, safe and secure.