IT: Security for BYOD.

If you allow workers to use their own computers, phones, tablets, and networks to access your business systems, think about what you can do to make sure bring-your-own-device (BYOD) technologies are secure. That can take extra time and budget – and you may face technical or company culture limitations, too – but consider these steps:

  1. Install an MDM ‘agent’ on BYOD devices. If you use a mobile device management (MDM) tool, deploy an agent to BYOD devices, too. You will gain visibility, you can confirm security settings, and you’ll have the ability to wipe a lost or stolen device if needed.
  2. Set a secure configuration standard. Define reasonable security settings and consider getting sign-off agreement from workers or asking work-from-home staff to complete a self-assessment.
  3. Extend internal tools to BYOD devices. If practical, provide licenses for corporate tools like anti-malware, DNS filtering, and password management for use on your workers’ BYOD devices.
  4. Push long passwords. Encourage workers to use longer passwords for business accounts. Run a password cracking test on your current Active Directory hashes to root out weak passwords.
  5. Push MFA. If you don’t already use multi-factor authentication (MFA) for your VPN, email, internet-facing applications, and cloud-based services, start using MFA now. No single action you can take will do more to prevent credential attacks than MFA.
  6. Use VPNs and virtual desktops. VPNs and virtual desktops can limit how much of your organization’s data resides on your workers’ BYOD devices and moves through their home networks.
  7. Increase monitoring. You’ll boost your monitoring abilities if you can install your organization’s MDM agent, anti-malware, and/or DNS filtering on BYOD devices. Network and VPN access will create log entries, too, but you may miss risky events if you aren’t centrally logging security details and then actively monitoring activity.

It takes planning, time, and resources to maintain security when BYOD devices are allowed. But the building blocks are the same as for corporate computers – a secure configuration, security-specific tools, good security practices, and monitoring.
