
4 Security Tips for a Successful BYOD Policy


Having the right technology is often the key to a successful business, but not every company has the means to provide its employees with devices like laptops, smartphones and tablets. For this reason, BYOD (bring your own device) policies are becoming increasingly popular.

But these policies can get complicated, as employees using their personal devices for work can be a major security issue. For a successful (and safe!) BYOD program, businesses need to make sure they take proper security measures.

Want to implement a BYOD policy in your office? Thiruvadinathan A., director of security and compliance at IT company Happiest Minds, shared these tips.

1. Have a defined email security policy. A lot of important information is exchanged via email within a company, so it's critical to protect that information, A. said, noting that there are simple ways to do so through a company's existing email infrastructure using suites like Microsoft Exchange or Office 365.

For example, "you can limit email retention and attachment sizes," A. said. "By limiting the retention of email on a device, management can make [the] passage of time … work to their advantage. If a device without a retention policy was accessed by a malicious user, potentially years of emails can be exposed."

By limiting the retention, A. noted, only the most recent exchanges would be accessible, as older threads would be deleted. And by limiting attachment sizes, you can prevent wholesale disclosure of privileged corporate data, A. said.

"If a malicious user tried to email a large archive file, perhaps over 10 MB in size, any attempt to send the file would fail and alert IT staff."

2. Require authentication to gain access. Only the people who need certain information should be able to access it. Corporate networks should use ACLs (access control lists) that define which users, protocols, applications and specific devices have access to specific parts of the network, A. said.

"For instance, certain departments would only have access to specific file servers, printers or databases. This limits the amount of information that a malicious user could access, even if they had access to a device," A. said. "Depending on the company, these ACLs also prevent users from reaching file-sharing websites, personal email or any other activity that would be potentially harmful to a company's proprietary information."

Businesses should also use a VLAN (virtual local area network) to help maintain control, he said.

"Planning and creating a VLAN for BYOD devices will help maintain control," A. said. "By putting all BYOD devices on their own VLAN, it separates them from network resources that management would not want them to access."

3. Use layers in network defense. Since most devices use a wireless connection, it's important to add extra layers of protection to wireless access.

"These devices can be integrated into an enterprise wireless network, but they must be trusted before accessing resources," A. said. "One way to ensure trust is to enforce a tight network access and security policy by having each user authenticate themselves to the domain controller."

4. Enforce the rules. It's important to note that even though employees own their devices, they're still using the company's corporate network and must follow the rules, A. said.

"While network security devices are often already in use before a BYOD policy is implemented, it helps to be sure that BYOD devices are especially scrutinized," he said. "One way to make this happen is by directing all traffic to and from BYOD devices through a firewall as well as an IPS [intrusion prevention system] or IDS [intrusion detection system]. By implementing this approach, certain file types, websites, protocols or anything that the company frowns upon can be blocked from the get-go."

This is especially useful, A. noted, if a BYOD device is infected by malware, as these measures can block malicious programs before they can cause harm.

Brittney Helmrich

Brittney M. Helmrich graduated from Drew University in 2012 with a B.A. in History and Creative Writing. She joined the Business News Daily team in 2014 after working as the editor-in-chief of an online college life and advice publication for two years. Follow Brittney on Twitter at @brittneyplz, or contact her by email.