3 Tips to Secure Data in a BYOD Environment

By Eric Noonan • January 14, 2016

Bring your own device (BYOD) is the use of an employee’s personal mobile device, e.g., smartphone, tablet and/or laptop, to access a company’s data or network.  Once a trend, BYOD has gained wide acceptance across businesses succeeding in today’s markets.  Findings from Tech Pro Research in early 2015 indicated “74 percent of organizations [are] either already using or planning to allow employees to bring their own devices to work.” What is the main motivator for this movement? A study conducted by IBM found the main advantages of the BYOD environment were a rise in employee productivity and satisfaction as well as overall financial savings for the business. The benefits of BYOD are great, but what does it mean for the overworked IT environment already combating constant attacks on their network?

Ultimately, allowing employees to use personal devices to access company proprietary information opens the business to potential cybersecurity risks. A non-company-owned device that is lost or stolen, lacks necessary anti-virus software, or accesses data that is not encrypted leaves an organization’s data vulnerable and can lead to a data breach resulting in significant financial loss. As 2016 gets underway, the discussion on the protection of organization-controlled data becomes even more relevant. With the growth of BYOD in 2015, the question is not how an organization can avoid the adoption of this movement, but rather how a business can mitigate the risks associated with it. To address some of these concerns, CyberSheath has outlined 3 common industry best practices to begin the process of ensuring your data is secure within a BYOD environment.

1: BYOD Policy

For starters, employees must have permission to use their personally owned devices for business purposes. A good place to begin is with a strong BYOD policy. The policy must clearly define the organization’s expectations of its employees when using their personal devices to conduct company business. Requirements for employees, such as requiring anti-virus software on non-company devices, enforcing two-step authentication or putting company proprietary information into secure content lockers, are guiding principles that offer increased security to an organization. Industry educational institutions, such as the SANS Institute, encourage policy development and describe policies as the “practical steps necessary for defending systems and networks.” Policies enable organizations to hold employees accountable for their actions.

2: Encryption

While policies provide guidance and permission to employees, policies in and of themselves do not secure the data. Encryption is one of many ways to secure data on a personally owned device. In 2015 the Office of Personnel Management (OPM) learned the hard way the importance of encryption, when hearings held by the House Committee on Oversight and Government Reform revealed that “the data stolen in the massive OPM breach was not protected by practices like data masking, redaction, and encryption.” Encryption is an accepted best practice to meet compliance regulations that require the protection of data, and as expressed in hindsight by Rep. Elijah Cummings, D-Md. at the OPM hearing, “should become the norm.”

3: Training

The third most important tip for the BYOD environment is training. While having a good policy in combination with strong encryption can protect the data, training brings it all together for the employees. Training employees on policies, and on how and when to use encryption and secure content lockers, goes a long way in the fight against data breaches. Training enforces acceptance of the BYOD policy, and employees can no longer use the reason “I didn’t know how to secure my [data/mobile device/email/document].” While the above suggestions can be implemented relatively easily, properly training employees on the policy and the technology that supports it is far more cost-effective than dealing with a data breach due to an uninformed employee.

How Can CyberSheath Help Your Organization Mitigate the Risk of the BYOD Environment?

To start, as part of our Staffing and Residency service offering, CyberSheath can provide the experts necessary, whether you are transitioning to or reevaluating your current BYOD environment, to create the policies and procedures critical to securing your digital assets.
