Why does bring your own device (BYOD) worry IT managers? It all comes down to a wider base of devices gaining access to network resources. But with remote and hybrid work here to stay, employees asking to use their own devices for work is now commonplace.
So, what are the risks? And how can IT managers implement BYOD security measures?
The real issue is data security
In a pre-pandemic piece of IS Decisions research, we asked 250 UK IT managers about their primary network security concerns, and BYOD was fairly low on the list at 8 out of 10. However, data loss was second only to viruses, and it is loss of company data that is the real concern when it comes to BYOD. We can make an educated guess that this concern is even higher in today’s new world of work.
Why? Because employees using their own devices opens up the potential for unsecured devices to get lost or stolen, or otherwise end up in the wrong hands.
So, how do you create a secure environment for employees using their own devices? Is it possible for IT managers to mitigate the risks of losing data when users use personal devices to access the network?
BYOD best practices
Here are a few best practices to follow, focusing especially on Windows network infrastructures.
1. Limit or prevent concurrent logins
This is your first line of defence in BYOD security. If you only allow one login using the same credentials at a time, you can be more confident that whoever is gaining network access, via whatever device, is the owner of those credentials. If a device is lost or stolen, no one can use the owner's credentials to gain network access as long as the owner is logged in elsewhere. More on limiting concurrent logins on a Windows Network.
2. Limit working hours or session times
Automatically logging off users after a set period or at a set time is another essential way to limit the risks that come with BYOD. If a device goes missing whilst it is logged in, the system will automatically log the user out. More on restricting and enforcing user logon time.
3. Limit access according to device
Limiting access to the corporate network requires a strict policy and access to your users’ devices. It is also the most direct way to reduce the vulnerable network surface area. By tracking the devices your employees wish to use to access corporate data, and limiting each user’s access to those set devices, you can significantly reduce the risk of any potentially harmful intrusions. More on access restrictions for PC, laptop or tablet.
4. Keep a detailed log of registered devices
Once you start tracking and registering devices with access to the corporate network, it is important to keep your list up to date with specific details. This way, you’ll know which users and credentials relate to which device. This will be particularly useful when employees leave the company. You want to ensure you do not continue to allow access from their devices for work. To do this, we often advise working closely with your HR department so they notify you when terminations occur.
5. Have a strict BYOD security policy
This might seem obvious, but IS Decisions research found that 29% of IT professionals do not have any kind of security policy for their organisation, let alone one that is specific to employees using their own devices. To create a secure, flexible work environment for those using personal devices for work, you need to make those restrictions, and the reasons behind them, absolutely clear. Implementing BYOD securely means including it in your security policy, for one. You can also use software to consistently remind users of what the policy is at relevant times using custom alerts. Be clear about what your policy is looking to prevent, and even mention contractual or legal implications of attempting to circumvent the policy to highlight the severity of a breach.
6. Monitor and respond to suspicious behaviour
Once you have all the above in place, make sure you have the ability to monitor access to the network in real time. By doing this you can understand what suspicious behaviour looks like. By responding quickly to suspicious behaviour, you will not only reduce the risk, you will also help educate users on the risks of using a personal device for work.
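The first four practices can be expressed as one access decision per logon attempt. The sketch below is an added example, not code from this article or from any product it mentions; the users, device names, permitted hours and session events are all constructed for illustration.

```python
from datetime import datetime, time

# Constructed device registry (practices 3 and 4): user -> registered devices.
# "carol" has left the company, so her entry has been removed.
REGISTRY = {"alice": {"ALICE-LAPTOP", "ALICE-TABLET"}, "bob": {"BOB-PHONE"}}
WORK_HOURS = (time(7, 0), time(19, 0))  # assumed permitted logon window (practice 2)
MAX_SESSIONS = 1                        # assumed concurrent-session limit (practice 1)

# Constructed session events: (timestamp, user, device, action)
EVENTS = [
    ("2023-06-12 08:55", "alice", "ALICE-LAPTOP", "logon"),
    ("2023-06-12 09:10", "alice", "ALICE-TABLET", "logon"),   # second concurrent session
    ("2023-06-12 09:30", "bob",   "BOB-HOME-PC",  "logon"),   # device not registered
    ("2023-06-12 12:00", "alice", "ALICE-LAPTOP", "logoff"),
    ("2023-06-12 12:05", "alice", "ALICE-TABLET", "logon"),   # fine once laptop is logged off
    ("2023-06-12 23:40", "bob",   "BOB-PHONE",    "logon"),   # outside permitted hours
    ("2023-06-13 08:00", "carol", "CAROL-LAPTOP", "logon"),   # leaver, no registry entry
]

def evaluate(events, registry=REGISTRY, hours=WORK_HOURS, max_sessions=MAX_SESSIONS):
    """Replay events in order; return (timestamp, user, device, verdict) per logon."""
    active = {}   # user -> set of devices that currently hold an open session
    results = []
    for ts, user, device, action in events:
        sessions = active.setdefault(user, set())
        if action == "logoff":
            sessions.discard(device)
            continue
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M").time()
        if device not in registry.get(user, set()):
            verdict = "DENY unregistered device"
        elif not hours[0] <= when <= hours[1]:
            verdict = "DENY outside permitted hours"
        elif len(sessions) >= max_sessions and device not in sessions:
            verdict = "DENY concurrent session limit"
        else:
            verdict = "ALLOW"
            sessions.add(device)
        results.append((ts, user, device, verdict))
    return results

if __name__ == "__main__":
    for row in evaluate(EVENTS):
        print(*row, sep="  ")
```

The denied rows are also the events worth alerting on under practice 6, since each one is a logon that the policy did not expect.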
Implementing BYOD securely
Today, most IT managers and CIOs are familiar with requests for employees to be able to use their own mobile devices, tablets or laptops. There are many benefits to implementing BYOD within a business. For one, allowing multiple devices to gain network access can complement a more flexible work model, and ultimately lead to increased productivity. By putting the right BYOD security measures in place, and following these steps, it is possible to enjoy the benefits and minimize the risks.
BYOD is quickly becoming the rule rather than the exception. But native Windows Server functionality does not provide adequate means to secure user access from personal devices. UserLock alleviates this increased risk to corporate security by empowering IT to track, record and automatically block all inappropriate or suspicious sessions.
This article originally appeared in Risk UK: The journal of risk management, loss prevention and business continuity. We last updated this article for the IS Decisions blog on June 10, 2023.