Securing Employee Technology, Step by Step
October is National Cyber Security Awareness month. With the popularity of smartphones and tablets growing in the consumer markets, many employees choose to “bring your own device (BYOD)” to work with them. This is part 13 in a series of blog posts we will be publishing on various topics aimed at educating you on how to stay protected on today’s Internet landscape.
Mobile devices are indispensable for many companies. In a recent Symantec survey, nearly three out of four small and medium-sized business owners said that smartphones and tablets are critical for making their teams more productive. As business use of these devices expands, so does the need to secure them. This is especially true at companies that let employees “bring your own device” — an approach commonly known as “BYOD.”
Developing a sound BYOD policy can help you reap the productivity gains that mobile devices offer while protecting sensitive business data. These steps can help you create a policy that works for your company:
Assess your BYOD needs
Talk to your employees or your IT staff, or conduct a brief online survey to understand how employees use their mobile devices for business. For example, do they access the company server, read work-related email or use business-related apps? Which devices and operating systems do employees use to access your network? This information will dictate what your policy should cover and the specific steps they can take to secure their devices, and it can help you choose the right security software to protect them.
Talk to your team about the potential risks of using mobile devices, and the importance of managing these risks. Require employees to follow security best practices, including:
- Setting complex passwords for mobile devices and any work-related programs that can be accessed through those devices. Passwords can be set through a device’s settings menu; for an iPhone or iPad, switch off the “Simple Passcode” option.
- Changing passwords on a regular basis — for example, every 90 days. Password manager services such as LastPass or KeePass can help employees manage multiple passwords.
- Installing system updates and app updates when a device prompts them to do so, to help protect against security vulnerabilities.
- Looking out for phishing emails and text messages, and avoiding clicking on links or downloading files from unknown sources.
- Researching mobile apps before downloading and avoiding downloading apps from third party, or unofficial, app stores.
Explore products that will help you build on employees’ efforts and strengthen the security of the mobile devices used in your business. One important tool is security software such as Norton Small Business that protects against mobile malware and other threats — more than half of Android apps contain potential privacy leaks or greyware that can hinder productivity, research from Norton has found. Some newer products provide these protections and include remote locate, lock and wipe features to help find and secure lost or stolen devices. They also allow users to manage device protections from a central Web portal.
If employees use their smartphones and tablets to access the company network remotely, consider using a virtual private network (VPN) service, which creates an encrypted “tunnel” in the Internet for traffic to pass through. Mobile apps are available that allow users to connect to a VPN through their smartphone or tablet.
Define acceptable use
Set guidelines to clarify how employees can use mobile devices for business purposes or during business hours. For example, you might allow your team to access email, calendars and certain documents, but prohibit them from accessing or storing financial-related data or other sensitive files. Specify any websites or apps you do not want employees to access during work hours.
Decide how to enforce
Determine what the consequences will be for not complying with the policies you put in place. For example, accessing a prohibited app during work hours might result in a warning, while storing confidential files or downloading a malicious app from an unknown source might lead to loss of company funding of mobile devices. Make clear in your policy how specific violations will be addressed.
Thinking through these steps will help you build a firm foundation for your BYOD policy.
Norton Small Business can be a valuable part of your mobile device security plan. Designed for companies with fewer than 20 employees, it provides comprehensive protection for smartphones, tablets, PCs and Macs; remote lock and wipe capabilities to safeguard data on lost or stolen devices; and scalability to easily add devices as your business grows. Norton Mobile Security provides these protections for companies with 20 or more employees. Start protecting your company’s devices and data today.
This is part 13 of a series of blogs for National Cyber Security Awareness Month.
For more information on various topics, check out:
5 Ways You Didn't Know You Could Get a Virus, Malware, or Your Social Account Hacked
How To Choose a Secure Password
How To Avoid Identity Theft Online
How To Protect Yourself From Phishing Scams
How To Protect Yourself From Cyberstalkers