Basic BYOD Policies for Your SMB

Paul Mah
Slide Show

Five Tips to Brave the BYOD Boom

In "Is It Time for SMBs to Implement Policies for BYOD?" I wrote about how the increasing usage of tablets and smartphones by SMBs has put them into the forefront of the BYOD trend. Unfortunately, a large proportion of IT departments are uncertain of what to make of these devices, much less worry about the security implications that these devices may represent.

 

As I highlighted then, even enterprise firms like IBM have found it necessary to implement measures to defend against potential data leakages that may arise from BYOD. Taking a page from their book, I've outlined a trio of areas around which small and mid-sized businesses may want to implement BYOD-related policies.

 

Enable encryption, automatic key lock

 

I've always advocated the implementation of data encryption for laptops, be it using self-encrypting drives or robust software options such as Microsoft's BitLocker full disk encryption. Similarly, the first policy that SMBs should implement prior to allowing mobile devices and other gadgets onto their network would be the enforcing of device encryption. Not only will this go a long way to protect against inadvertent data leakage due to stolen or lost devices, but the use of encryption will also defend against opportunists who may find themselves with temporary possession of a smartphone or tablet. Obviously, the use of encryption is only good if the device is set to automatically key lock upon a specified amount of time and is protected with a good password.

 

List apps that should be avoided


 

Another policy that SMBs may want to adopt is to create a list of apps that are not recommended for use. The reason is because most employees have little idea about the security risks inherent to various applications on mobile devices. While telling them to avoid software that stores data in the cloud may be helpful to the technically inclined, it will likely be completely lost upon almost everyone else. Together with a recommended list of apps to use, this helps to eliminate the complexity for employees even as it serves as an invaluable reference for apps that may pose a risk to security.

 

Procedure for reporting lost or stolen devices

 

Finally, a policy should be implemented in which lost or misplaced BYOD devices have to be reported within a stipulated timeframe. Where possible, a remote wipe should also be triggered. According to a study conducted earlier this year by McAfee and Ponemon Institute, a staggering five percent of smartphones are lost every year. This works out to five smartphones even for a small business of 100 employees - and will likely rise once you include tablets into the count.

 

Conclusion

 

If you're still not convinced about the need to enact policies to manage BYOD in your SMB, Spencer Parkinson, public relations manager at Symantec, recently left a comment with my "<strong>The Dangers of BYOD in Small Businesses</strong>" post where he pointed to The Symantec Smartphone Honey Stick Project (pdf). In a nutshell, Symantec conducted an experiment in which 50 smartphones with fake data and tracking software were "lost." Well, 89 percent of devices were accessed for personal apps and information; 83 percent were accessed for corporate-related stuff.

 

Does your SMB implement any policy to better protect itself? Feel free to share your experiences in the comments section below.



Add Comment      Leave a comment on this blog post
May 30, 2012 2:44 AM Tommy Tommy  says:

BYOD is already here and we need to carefully analyse and implement the policy. The above trio will definitely help businesses be protected. Additionally, we must also choose solutions that can be managed and monitored. There are such solutions in the market designed for businesses that will allow IT to control the solution.

Reply
May 30, 2012 7:00 AM Spencer Parkinson Spencer Parkinson  says:

Paul, glad the comment was useful! We recently did another study that your readers might find useful: The Symantec State of Mobility Survey (http://bit.ly/LEM7D4). Of note, the report highlights that in the 12 months preceding the survey, small businesses averaged $126,000 of loss as a result of mobile security-related issues.

Spencer Parkinson

Symantec

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.