Guest author: Mike Johnson
It’s a CIO’s worst nightmare: an employee who had previously been trusted with BYOD suddenly leaves the company, walking out the door with company data still on a personal device. How can we deal with this when it happens?
1. Have a written BYOD policy in place: Define what is considered “business use” and what is not, which apps are allowed (or not), what security measures must be taken, procedures to follow if a device is lost, and so on. Start with the basics and continue brainstorming “what if” scenarios to add to the policy as time goes on.
2. Remember other company policies: With non-compete, nondisclosure and confidentiality agreements already a condition of employment, using this data for personal gain is already clearly prohibited. This should be some comfort against fears of employees taking data to a competitor.
3. Force data to the cloud wherever possible: Set up automatic syncing procedures to ensure that all data is backed up to company-controlled servers. This prevents a departing employee from taking with them significant amounts of company data that can’t be recovered elsewhere.
4. Do security checkups: Perform occasional security checks on devices to be sure that employees are keeping them up to date. These checks can be performed manually or remotely. Write this into the BYOD policy as well, so users know to expect it.
5. Consider who’s using the device: Ultimately, how data is used comes down to the integrity of the person accessing it. A BYOD policy can be powerful, but headaches can still happen if an employee is determined to circumvent these policies. Be sure that your new hires understand BYOD rules, and avoid interviewees who don’t embrace integrity as part of their job role.
What do you think? Can these steps reduce BYOD nightmares? Or is this just hype, and even more security measures need to be taken to truly protect company data?