The holidays are coming, and most of us are looking forward to taking some time away from work, to relax and unwind with friends and family. With this, many of us will set our workplace computers to an ‘out of office’ status, and carry out any essential tasks remotely from our mobile phones, laptops and tablets.
BYOD (Bring Your Own Device) can present many operational benefits for organizations during the holidays, but it also brings a higher level of risk than usual – not only are the Christmas holidays one of the peak seasons for device thefts and home burglaries, but around a third of IT professionals report of having to deal with a security issue caused by a device being lost at a Christmas party, bar or restaurant over the Christmas period, and one in five report IT issues related to devices being left in taxis or other forms of public transport.
While nobody sets out to lose a device, least of all a device containing sensitive information, organizations need to ensure they are prepared for the worst, should a loss or theft occur.
Reviewing BYOD policies this holiday season
Developing a robust BYOD policy is crucial before allowing employees to carry out work remotely. In order to minimize the risks associated with BYOD, organizations should:
- Ensure employees are fully aware of what apps and software are not permitted on their device – most employees who download unauthorized apps do so with no malicious intent, however in doing so they introduce security vulnerabilities.
- Ensure employees are using strong passwords to protect devices and all applications, and that passwords are changed on a regular basis – a password locked device is often the first line of defense against a data breach, and could mean the difference between an inconvenience and a full-scale nightmare.
- Use multifactor authentication when accessing apps that are used to manage or store sensitive data.
- Encrypt devices and have a method of remote wiping the device should it be lost or stolen – by ignoring encryption, organizations leave themselves significantly more vulnerable to security breaches.
- Set criteria for levels of access to infrastructure and systems for each employee.
- Train employees on cyber-security best practices.
- Update security software on BYOD devices.
Communication is key
It is essential that each and every employee is kept up-to-date with the company’s BYOD policies, and that support is given to ensure such policies are adhered to. When communicating policies with employees, it can help to consider the following:
- Use real-life, industry relevant examples that employees can relate to.
- Speak to them in a language they understand and avoid using technical jargon.
- Be explicitly clear about what is acceptable, and what isn’t.
Developing efficient BYOD policies in the workplace, and ensuring that all staff are adhering to them will require excessive planning and resource expenditure. This may seem like a time-consuming or laborious task, but the alternative option – a data breach – will be much worse in the long term.
At Scrypt, security is our highest priority, and we can support healthcare organizations looking to take the leap into BYOD with our HITRUST certified secure message application; DocbookMD. Get in touch today to find out more.