With more and more companies now using mobile devices and flexible working, staff in some businesses are expected to use their own laptops, phones and tablets for work. If you are considering a “Bring Your Own Device” (BYOD) approach, the National Cyber Security Centre (NCSC) have put together some guidance about how to maximise the benefits whilst minimising the risks.
- Limit the information shared by devices – staff are used to sharing their information with other users and in the cloud. The automated backup of device data to cloud-based accounts can lead to business data being divulged.
- Create an effective BYOD policy – ensure that personally-owned devices are only able to access business data that you are willing to share with authorised staff.
- Consider using technical controls – container applications and technical services such as Mobile Device Management can help you remotely manage personally-owned devices, but they can impact the usability of the device.
- Plan for security incidents – when incidents occur, act quickly to limit losses. Could you remotely wipe sensitive data from a personally-owned device if it was lost or stolen?
- Consider alternative ownership models – restricted devices may not appeal to some users, so consider giving staff a choice of approved devices which are purchased and controlled by your organisation.
- Encourage staff agreement – communicate your BYOD policy through staff training so they understand their responsibilities when using personally-owned devices for work purposes.
- Anticipate increased device support – your services may need to be accessed by different types of device, so ensure you have the IT support capability and expertise to manage a growing range of devices.
- Understand the legal issues – the legal responsibility for protecting other people’s personal information is with the data controller, not the device owner. See the ICO’s BYOD guidance.