20 Points to Include in a BYOD Policy to Reduce Security Risks

BYOD is an acronym for 'bring your own device'. Numerous companies have adopted a bring your own device to the workplace policy. Employee productivity is a key factor for adopting a BYOD program. Many organizations, however, do not have written guidelines in place. Allowing employees to access the corporate network with personal laptops, smartphones and tablets will increase security risks. Data breaches are commonplace among companies that allow personal devices to connect to the company’s network. Most experts will agree that preventing the opportunity for a hacker to access data is preferable to a breach. These twenty points should be included in a BYOD policy to reduce security risks.

  1. A list of applications that are/are not allowed should be listed in the policy.
  2. Access should be limited based on employee profiles and enforced.
  3. Banned or illegal materials are not allowed to be transmitted on the organization’s network.
  4. Company sanctioned browsers should be utilized exclusively while connected to the organization’s network.
  5. Detailed information on reimbursement guidelines should be included.
  6. Devices must be checked by the IT department upon termination of employment.
  7. Each device should lock after remaining idle for five minutes and require a password to unlock.
  8. Employees assume liability for own personal devices.
  9. Employees should engage only in activities that directly or indirectly affect the business while connected to the organization’s network.
  10. Employees understand that the company maintains the right to disable services/disconnect devices without notification.
  11. Include a list of devices that are allowed with specific information on brands, models, and operating systems in the policy.
  12. The IT department should maintain the ability to remotely wipe personal devices in the event of a threat, loss or upon termination.
  13. Lost or stolen devices must be reported to the IT department immediately.
  14. Member of the company IT department must check each personal device before the device may be connected to the network.
  15. Noncompliance with the policy could lead to termination.
  16. Password-protected devices only are allowed to access the organization’s network.
  17. The company maintains the discretion to block access to certain websites while connected to the organization’s network.
  18. The employee assumes full responsibility for backing up e-mails and contacts on personal devices.
  19. The organization’s network may not be utilized to harass others or to participate in outside activities.
  20. The policy excludes texting and e-mailing and allows only hands-free phone conversations while driving.

*Photo courtesy of Free Icon Images at Iconshut.com on Google Images.

 

NT3RNT RITR

NT3RNT RITR