Maybe it is because it is spring and people don’t want to be tied down to their desks after a long winter, but it seems like BYOD – and in turn, BYOD security – is being discussed a lot more lately.
I especially liked reading TechRepublic’s list of BYOD nightmares, even though only a few of the issues concerned security. But those issues are good reminders – make sure all BYOD includes an app for remote wipe in case of theft or loss (and theft has become a serious problem, especially for smartphones), don’t store your passwords on the device, and remember that smartphones and tablets are just as susceptible to viruses and malware as desktop computers. One thing the article missed in its suggestions was making sure the device is password protected. Having a remote wipe app isn’t enough to protect a device that is lost or stolen. Owners should have an extra level of protection to make it more difficult for someone to get into the device before it can be wiped. (And it is also important to make sure the device goes back to locked status quickly after use. Yes, it is easier to have it wait a few minutes, but if your device is picked up moments after you last used it, having password protection is pointless.)
I’ve seen some interesting twists to the BYOD conversation, however. I noticed today that another acronym has been added to the BYO group – BYOL, or bring your own liabilities. An article in CIO.com discusses why it is important to have a solid BYOL policy in place if your company also incorporates BYOD:
The policy needs to cover things like the type of devices that can be used by employees, access rights, support arrangements, tracking and monitoring and remote wiping. Much of the policy will not, in fact, directly address legal issues. Having a clear policy will, however, assist in reducing legal exposure.
Legal liabilities seem to be one of those areas that get skipped over in the BYOD discussion. The focus, and rightly so, is on making sure the corporate data is safe and secure, but as the CIO.com article pointed out, BYOD can expose data without the corporation even being aware, adding a new level of risk to data security.
This concern for BYOL could be a reason why network access control (NAC) is making a bit of a comeback, according to eSecurity Planet:
NAC allows companies to see what is connecting to their networks, and control which parts of the network employees and guests can access with their mobile devices.
BYOD isn’t going anywhere, but it appears that companies and security experts are getting a better handle on promoting security for a changing workforce.