We're looking at 10 actionable ways to improve the security of remote working, and protect confidential data on personal devices.
1) Develop a Bring Your Own Device Policy
To address (and remedy) the problems associated with Bring Your Own Device working, it's essential to create a formal and codified BYOD policy. This policy should raise awareness of the problems associated with remote working and outline the procedures employees need to follow to secure their devices, whilst being flexible enough to adapt in response to employee feedback.
To learn more about developing your own Bring Your Own Device policy, read our blog post: The Impact of BYOD on Organisation Security
2) Educate About the Best Practices of Password Security
A password is a crucial first layer of security on a personal device. Whilst most people understand the importance of passwords, few understand the best practices of effective password security. It's important to educate employees on password security, and create a set of codified minimum standards to ensure that passwords are as effective and secure as possible.
3) Discuss Physical Threats, As Well As Remote
Many of the criticisms levelled at the Bring Your Own Device trend concern the remote security of personal devices. However, remote security is only half of the problem - and physical vulnerabilities, from lost and stolen devices, represent a serious risk for organisations.
4) Address the Risks of Phishing and Social Engineering Attacks
In particular, the problem of phishing and other social engineering is growing in prevalence. Fake login pages on social media sites, emails with malicious attachments and even fraudulent phone calls are all used to gain access to personal devices and sensitive information.
Thankfully, education is the most powerful tool for combating these problems - and by raising awareness of the common tactics employed by malicious third-parties, your workforce can reduce the risks of succumbing to them.
5) Enroll in ‘Find My Device’ and Remote Wipe Services
In the event of a stolen or lost device, it's important that your organisation can reduce the risks of sensitive data falling into the wrong hands. Thankfully, services exist that can identify the location of lost devices, and if necessary, erase all of the data from them - removing all sensitive and confidential information from the device.
6) Clarify Ownership Over Apps and Data
However, erasing data on a personally-owned device brings with it its own set of problems. Though confidential business information will be erased, so too will a plethora of personal information and applications. It's important to discuss where authority lies in these situations - and set expectations for the potential loss of personal data.
7) Decide If Any Apps Should Be Banned
Not all applications are created to the same standards of security. If popular applications suffer from a well-known vulnerability, it makes sense to prevent employees from installing these applications onto a device loaded with confidential data.
8) Enforce Your BYOD Policy
Many organisations create a Bring Your Own Device policy, but due to a lack of support, find themselves simply paying lip service to its principles. Your policy needs an executive mandate, with compliance regarded as an essential responsibility of any employee choosing to use a personal device.
9) Consider Switching to a CYOD Policy
Instead of creating a retroactive security policy, and attempting to secure an existing device, Choose Your Own Device (CYOD) allows organisations to be proactive - acknowledging the benefits of remote working, and taking ownership of the security risks involved.
By offering a range of pre-approved devices for employees to use, security features can be built into the device from day one - and ownership over data and applications remains within the remit of the organisation.
10) Create an Exit Plan
When an employee leaves the company, they have a right to take their personal devices with them - but what happens when confidential corporate data is stored on their device?
An exit plan will detail the steps employees need to go through to ensure the removal of sensitive information - and by making these expectations clear from day one, the interests of both employee and organisation will be protected.