January 13th, 2016 by Rocket IT
In the traditional office, new employees are handed liability agreements alongside company-issued and chosen computers, phones, and other devices on their first day. But, in a select few, the transition is being made from company-provided devices to Bring Your Own Devices (BYOD). For the IT security staff, this is like a nightmare come to life. If you thought getting Derek in Accounting to stop clicking suspicious links in emails was difficult before, try keeping company data secure when the same laptop used to traverse reddit, soccer chat rooms, and questionable click bait articles is used to access highly secure reports.
The original BYOD was mainly limited to bringing your own mobile, but it’s expanding. In Apple vs Microsoft office fan wars, BYOD seems an inexpensive alternative. It gives employees the freedom of choice and frees employers from the additional costs of new equipment. When your employees work out of office on a regular basis, BYOD also seems considerably more convenient.
If you are dedicated to this type of environment, you should take proper precautions for your company’s security.
A very simple step to secure company information on personal devices is to require all devices with company information (even as little as access to company email only) to have an access password or passcode. That means any phones or laptops should be password-protected.
It’s not just about making the device itself secure, but also about making your data secure.
Prevent local storage of corporate files and other sensitive documents. This way, if someone misplaces their phone or has their laptop stolen in a Starbucks, you don’t have to worry about what files may be vulnerable because an employee saved a copy of your 2016 company objectives to their desktop.
The biggest mistake companies make in BYOD environments is putting the BYODs on the same domain controller as the rest of your network. Consider having a separate BYOD network and limiting what can go in and out of the network with your domain controller to your BYOD network.
It’s important to isolate the BYOD equipment from internal infrastructure, such as servers, as much as possible. Obviously, those devices may need to access certain resources on the internal infrastructure, but you can secure the internal infrastructure from those devices by only opening up what’s necessary, forcing authentication, and having good encryption. Secure your internal infrastructure in a similar way you would a web server with a website on the internet. In other words, make only what’s necessary accessible from the BYOD network.
You can also restrict offline access to files and require a secure VPN (Virtual Private Network) connection to allow devices to connect to the organization’s server. Consider requiring periodic re-authentication.
There are, of course, solutions you can utilize to help you manage the security of your networks in a BYOD environment, but you would have to set them up. Microsoft Azure and Amazon AWS both provide features like this.
We don’t really recommend going with a BYOD environment. If you do, create and enforce BYOD security policis with these steps to protect your data.
About the Author –
Matt Redd is the Implementation Engineer at Rocket IT. He loves his wife, daughter, track days at Atlanta Motorsports Park, building computers, and food.
Want technology and leadership content sent directly to your inbox? Subscribe to Rocket IT’s monthly newsletter!