A number of CIOs are eager to allow staff to bring their own devices to work, with the enterprise either completely or partly paying for connectivity. But Dell Inc. notes that while BYOD initiatives can be great for employees, they often pose a potential nightmare for the organization if regulations aren’t complied with. Here are five best practices it recommends. All images from Shutterstock.com
Confirm and protect regulated data
Start by identifying all regulated data, then determine which data will be generated on, accessed from, stored on, or transmitted by BYOD devices. Then decide on the best strategies for protecting data it and ensuring compliance. You may need a combination of encryption, secure mobile workspaces and data leakage protection.
Control access to data and networks
Deploy solutions for monitoring, tracking and controlling access rights according to a user’s identity, device type, location, time of access and resources accessed. In addition, prevent employees from accessing data on unsecured (or jailbroken) devices or transmitting unsecured data using their own device.
Secure devices
Craft extra security for employee-owned devices. As a first step, require a password to access devices or the secure workspaces on them. In addition, a smart card reader or fingerprint reader can prevent unauthorized access to tablets and laptops if they are lost, stolen or inadvertently used by family or friends.
Develop compliant apps
A secure device isn’t much help if the apps aren’t complaint. To assess application compliance, ask the following questions: Can the multifactor authentication required for enterprise applications be employed on smartphones? Are the mobile devices storing sensitive information? Does a secure Web session expire in the same amount of time on a tablet as it would on a corporate desktop? To show proof of compliance, be sure the solution supports appropriate reports and audit trails.
Train staff on the importance of maintaining compliance
Employees have to understand the critical importance of adhering to regulations and potential consequences of compliance failures. Mobile employees must be especially sensitive to potential breaches while outside corporate walls. A signature on a document promising adherence to rules is not enough. Ongoing education is essential.