Cybersecurity, Policies and Training

Adapt BYOD Policy to Account for Tech and Culture Change

Over the last decade, Silicon Valley’s constant drive to innovate has led to the development of ever-faster, more powerful ultra-portable devices such as tablets and smartphones. These network-hungry devices are ever-present, with more and more employees expecting mobility as part of their day-to-day work life.
The recent appearance of wearable technology such as smart watches (all part of the Internet of Things, or IoT), and the ability to push digital aspects of work and home life to the cloud-based applications and storage, further reinforce expectations for flexibility in access to enterprise software and the company network.

How, then, as an IT professional, do you balance the increased employee demand for network access on personal devices, with the necessity to keep your company’s systems and data safe?

The Importance of Revisiting BYOD Policy

One of the best ways—still—to address the security risks posed by personal devices is through a clearly stated BYOD (Bring Your Own Device) policy that fits your company’s culture. Revisiting your BYOD policy, particularly if you haven’t done so in the last few years, will allow you to account for recent tech innovations that have both the potential to undermine and bolster security. Two recent developments that deserve consideration (or reconsideration) include:

  • Updated MDM (Mobile Device Management) Software
  • Biometric Security Measures

Unlike earlier iterations, modern MDM programs allow the employer to create a partition on the employee’s device that would separate personal and work data, rather than locking down the entire device. They also allow IT Admins the ability to remotely delete partitioned contents in case the employee’s device is lost or stolen. This way, an employee could still download and play Homescapes, and not put your system and data at risk.

Newer devices from Samsung, Apple, and Google, among others, now include password-alternative unlocking techniques, such as fingerprint and/or facial recognition capabilities. These features are touted as convenient and secure. However, as with many newer technologies, they are not without their drawbacks.

Biometric sensors do have the ability to be fooled. There was an issue with Samsung’s facial recognition software, which made it incredibly easy to gain unauthorized access to the device. Apple’s Face ID, which uses depth scanning to create an intricate map of an individual’s face, appears more dependable. Fingerprint scanners can also be fooled. However, these “hacks”are less likely to stem from a crime of opportunity, and would instead be directed at high-value employees.

Perhaps the biggest drawback of biometric scanning, is that it still relies on a master password, PIN, or pattern recognition to function properly. So, at the end of the day, even the flashiest of technologies still relies on providing employees with appropriate security training to comply with your BYOD policy.

As always, the best policy will require that you work with HR representatives, to set appropriate employee expectations, and ensure that you’re not only securing your IT infrastructure, but that you don’t introduce other types of risk to the company.