
IS Decisions Blog

BYOD: Six steps to multi device security

Bring your own device (BYOD) concerns IT because it means a wider base of devices gaining access to network resources.

Updated February 23, 2024
Stronger access control management

Why does bring your own device (BYOD) worry IT managers? It all comes down to a wider base of devices gaining access to network resources. But with remote and hybrid work here to stay, employees asking to use their own devices for work is now commonplace.

So, what are the risks? And how can IT managers implement BYOD security measures?

The real issue is data security

Before the pandemic, our original IS Decisions research asked 250 UK IT managers about their primary network security concerns. BYOD was fairly low on the list, at 8 out of 10.

However, concern about data loss was second only to viruses. And loss of company data is the real concern when it comes to BYOD. We can make an educated guess that this concern is even higher now.

Why? With the boom in remote work, more employees are using their own devices. This opens up the potential for unsecured devices to get lost or stolen, or otherwise end up in the wrong hands.

So, how do you create a secure environment if your organization's employees use their own devices? Is it possible for IT managers to mitigate the risks of losing data when personal devices access the network?

BYOD best practices

If your organization allows BYOD, here are a few best practices to follow, specifically for Windows network infrastructures.

1. Limit or prevent concurrent logins

This is your first line of defense in BYOD security. Only allow one login using the same credentials at a time, so you can ensure that whoever is gaining network access, via whatever device, is the owner of those credentials.

If a device is lost or stolen, then no one can gain network access using the owner's credentials as long as the owner is logged in elsewhere. More on limiting concurrent logins on a Windows Network.

2. Limit working hours or session times

Automatically log off users after a set period or at a set time. This is another key way to limit the risks that come with BYOD. So, if a device goes missing while a user is logged in, the system will automatically log the user out. More on restricting and enforcing user logon time.

3. Limit access according to device

Set strict access policies for network access from your users’ devices. This is also the most direct way to reduce your vulnerable network surface area.

Track the devices your employees use to access corporate data, and limit each user’s access to those set devices. By doing so, you can greatly lower the risk of potentially harmful intrusions. More on access restrictions for PC, laptop, or tablet.

4. Keep a detailed log of registered devices

Once you start tracking and registering devices with access to the corporate network, keep your list up to date. Use specific details. This way, you’ll know which users and credentials relate to which device.

Your device list will come in handy when employees leave the company, too. It sounds obvious, right? But you'd be surprised how often this little detail gets overlooked. Work closely with your HR department, so they notify you when an employee leaves. Then, remove access rights for ex-employees' devices.

5. Have a strict BYOD security policy

Surprisingly, IS Decisions research found that 29% of IT professionals do not have any kind of security policy for their organization, let alone a policy specific to employees using their own devices. Again, this might seem obvious, but you're going to need one of those!

To create a secure, flexible work environment when employees use personal devices for work, you need to make those restrictions, and the reasons behind them, clear. It's going to be hard to implement BYOD securely without a security policy. You can also use software with custom alerts to remind users of the policy at relevant times.

Be clear about what your policy is looking to prevent, and even mention the contractual or legal implications of attempting to get around the policy to highlight the severity of a breach.

6. Monitor and respond to suspicious behavior

Once you put the above in place, the last step is to ensure you can monitor access to the network in real-time. By doing this, you'll better understand what suspicious behavior looks like. By responding quickly to suspicious behavior, you'll not only reduce the risk, but you'll also help educate users on the risks of using a personal device for work.
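The checks from steps 1 to 4 and the monitoring in step 6 can be expressed as a small audit over session events. This is an added example, not code from IS Decisions or UserLock; the device register, the 07:00 to 20:00 logon window, and every event below are constructed assumptions.

```python
from datetime import datetime, time

# Constructed device register (step 4): user -> devices approved for that user.
REGISTERED = {"alice": {"LAPTOP-A1", "TABLET-A2"}, "bob": {"LAPTOP-B1"}}
WORK_START, WORK_END = time(7, 0), time(20, 0)  # assumed permitted logon window

# Constructed session events: (timestamp, user, device, action)
EVENTS = [
    ("2024-02-19 08:55", "alice", "LAPTOP-A1", "logon"),
    ("2024-02-19 09:10", "bob",   "LAPTOP-B1", "logon"),
    ("2024-02-19 12:30", "alice", "TABLET-A2", "logon"),   # alice still on LAPTOP-A1
    ("2024-02-19 17:45", "alice", "LAPTOP-A1", "logoff"),
    ("2024-02-19 18:00", "bob",   "LAPTOP-B1", "logoff"),
    ("2024-02-19 18:05", "alice", "TABLET-A2", "logoff"),
    ("2024-02-19 19:20", "bob",   "PHONE-X9",  "logon"),   # not in the register
    ("2024-02-19 23:40", "alice", "LAPTOP-A1", "logon"),   # outside the window
]

def audit(events, registered, start=WORK_START, end=WORK_END):
    """Return (timestamp, user, device, reason) findings for logon events."""
    active = {}    # user -> devices that currently hold an open session
    findings = []
    for ts, user, device, action in sorted(events):  # timestamps sort as text
        open_sessions = active.setdefault(user, set())
        if action == "logoff":
            open_sessions.discard(device)
            continue
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M").time()
        # Step 3/4: the device must be registered to this specific user.
        if device not in registered.get(user, set()):
            findings.append((ts, user, device, "unregistered device"))
        # Step 2: logons are only expected inside the permitted window.
        if not (start <= when <= end):
            findings.append((ts, user, device, "outside permitted hours"))
        # Step 1: same credentials already in use on another device.
        if open_sessions - {device}:
            findings.append((ts, user, device, "concurrent session"))
        open_sessions.add(device)
    return findings

if __name__ == "__main__":
    for finding in audit(EVENTS, REGISTERED):
        print(*finding, sep="  ")
```

Run in audit mode like this, the findings show how often each rule would fire before it is enforced as a block.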

Implementing BYOD securely

Today, most IT managers and CIOs are familiar with requests for employees to be able to use their own mobile devices, tablets or laptops. And, to be fair, there are benefits to implementing BYOD.

For one, allowing multiple devices to gain network access can complement a more flexible work model, one that often boosts productivity. What's important is to put BYOD security measures in place. Follow BYOD best practices, and it's possible to enjoy the benefits and minimize the risks.


BYOD is quickly becoming the rule rather than the exception. But native Windows Server functionality isn't enough to secure user access from personal devices. UserLock helps lower this risk to corporate security by empowering IT to track, record, and automatically block all inappropriate or suspicious sessions.

This article originally appeared in Risk UK: The journal of risk management, loss prevention and business continuity. We last updated this article for the IS Decisions blog on June 10, 2023.
