Sure, no one wants to be the victim of a data breach, but few companies are eager to open their wallets for the guidance of information security professionals. However, after hearing that the average data breach costs a company $3.8 to $4 million, you might change your stance.
In an age of fast-evolving technology, where companies are expected to adopt the latest technology trends in order to stay relevant, information security is not something your company can afford to ignore.
Be Strategic About BYOD Policies
At face value, adopting a bring-your-own-device (BYOD) policy may seem dangerous in terms of information security. However, because this policy leads to more satisfied employees in the majority of cases, the benefits of offering this flexibility can outweigh the risks if it is done safely and strategically.
Establish a Mobile Device Management Team
Before implementing a BYOD policy, assemble a small internal mobile device management team whose goal will be to determine and enforce the specifics of your company’s BYOD policy. Setting clear guidelines for mobile device usage and settings can help establish boundaries, keep your entire team on the same page and keep your company’s information secure.
Have the mobile device management team devise an onboarding document that breaks down all of the basic parameters of your company’s policy and what that means for employees. This digital document should include a step-by-step breakdown of your preferred settings for Wi-Fi, exchanges and proxy servers, as well as the preferred general device settings and specific app settings.
Create a password protocol that ensures strong passwords and helps prevent hacking. Depending on what kind of information you work with, you may also want to craft a policy regarding the encryption of sensitive data and how to safely share this kind of data with colleagues. If there are any particular apps or websites that concern you, such as games, Skype calls or Facebook chatting, you can also use this as an opportunity to create application control policies to limit use during work hours.
Identify Acceptable & Unacceptable Devices
It can also be helpful to minimize the kinds of acceptable BYOD devices. For instance, newer devices like the Samsung Galaxy S7 edge have state-of-the-art features like military-grade mobile security that older, outdated smartphones just can’t compete with. Have your mobile device management team identify the devices with the best and worst security features and limit your BYOD policy accordingly.
Minimize the Weakness of Legacy Technology
Just as outdated smartphones can pose risks to your data security, so can other outdated types of technology. Legacy technology presents some of the biggest vulnerabilities for businesses that hang on to outdated equipment, applications, tools and technology processes.
To counteract this risk, adopt a one-in-one-out policy in which you retire an old application, server, software or any other type of technology when you adopt a newer version into your business practice. While officially retiring a legacy solution can be costly and often requires substantial time to migrate all of the old data from the legacy technology to the new option, minimizing the amount of technology that needs to be secured can save your company time, money and frustration in the long run.