How to Safely Manage Mobile Devices in Your Organisation
Authored by Iynky Maheswaran, Head of Mobility
Technology has become a permanent staple in everyday living. The lines of work and personal life have become blurred, with employers allowing or requiring employee devices to be used for business purposes. As the shift toward employee empowerment becomes more of a necessity rather than an option, knowing what a BYOD program is and how it can help your company is important.
Why a BYOD program?
Companies have a number of reasons why this would work for their organisation, but some of the main reasons are: increased productivity, lower IT costs and spending, lower security risks, work flexibility and enhanced work environment.
Although this can save your company a lot of money, there are a number of protocols that should be in place to have an effective BYOD program. Without a strong infrastructure, company files, client information and internal protocols can quickly become compromised. Here are a few key steps in managing mobile devices within your organisation:
STRATEGY IS KEY
Having a BYOD strategy in place will help explore innovative ways to enhance productivity. A sound business case and goal statement should clearly outline why this makes good business sense and how it can help the company move forward. The strategy should have input from all the stakeholders within the organisation. Creating a cross-business mobility group will address every scenario and need to establish key benchmarks for organisational success.
DEVELOP A SUPPORT AND OPERATIONS MODEL
The mobility group’s scenarios should serve as a blueprint for the creation of a support and operations model. This model should identify and quantify costs and benefits, address hidden costs such as increased data bills and support expansion, and outline potential advantages such as increased recruiting success rates with younger employees to help solidify the strategy for BYOD.
ANALYSE THE RISK
In every new implementation, there is a certain amount of risk. Ask yourself the following questions:
- Who will pay for data services?
- What happens if the device breaks while on company business?
- What are the benefits to having the program?
- Will the incentives outweigh the risk?
Once you have the answers to these questions, the data gathered from the mobile scenarios should help:
- Assess the data stored and processed in the devices.
- Assess the access to corporate resources and apps.
- Develop contingency plans for lost or stolen devices.
- Incorporate geographically relevant data and privacy laws.
- Consider the impact of using BYOD while traveling to countries with data import/export restrictions.
CONSIDER THE BENEFITS
Although there is a high level of risk involved, there are also additional benefits:
- Employees usually keep the latest technology up-to-date on their personal devices, which means the company will have work done on the best devices with all the features and capabilities without having to incur the costs.
- BYOD programs are attractive selling points for your organisation in attracting and retaining the best personnel.
- Most employees continue their work day long after they have left the office.
- Employees maintain their devices, freeing up the IT department to handle other tasks within the company infrastructure.
DEVELOP A BYOD POLICY
Once you have decided a BYOD program is feasible, a flexible, but enforceable policy will protect the company and its employees. Limiting the risk to data accessibility is key in ensuring effective protocols will be outlined and enforced. The BYOD policy should complement the existing security and governance policies, and should address the following:
- General security requirements for all mobile devices.
- Authentication (passcode/PIN) protocols.
- Storage/transmission encryption protocols.
- Usage restrictions.
- Login attempt alerts and automatic data erasure.
- Rights to monitor, manage and wipe.
- Protocols for mobile data usage and international travel.
- Extensive acceptable use and liability standards.
SECURE BYOD DEVICES AND APPLICATIONS
The implementation of a MDM solution or other management utilities will assist in the management and enforced security protocols on the BYOD. All standing policies should be defined by the risk assessment.
TESTING AND VERIFICATION OF SECURITY PROTOCOLS
All security protocols should be randomly tested at regular intervals to ensure effectiveness. Assessments should be performed using an integrated testing approach, combining automated tools and manual penetration testing. The testing should be done by a trusted third party that has a proven track record of assessing mobile deployments. Macquarie Telecom recommends assessing the entire implementation, testing the management solution, apps and devices as a whole component. Testing the infrastructural changes that allow the BYOD to connect to the main network through Wi-Fi deployments or VPN endpoints is also a crucial component of ensuring system integrity.
MEASUREMENT AND BEST PRACTICES
After the implementation, all key performance indicators of the BYOD program should be measured to use as a means of continually improving the protocols and infrastructure. Direct user feedback should be used extensively to identify and resolve areas of improvement.
Giving employees a choice in how they contribute to the work environment can improve morale while positioning your company as a leader in advanced workplace initiatives.
Macquarie Telecom provides a wide range of BYOD solutions for businesses. With one of the most comprehensive selections of enterprise mobility services available, we can help you create a secure, cost effective and productive mobile workforce.
Want to start a BYOD program for your organisation? Contact us at 1800 004 943 or by submitting an online enquiry today.
Macquarie Telecom provides a wide range of BYOD solutions for business. With one of the most comprehensive selections of enterprise mobility services available, Macquarie Telecom can help your company create a mobile workforce that is secure, cost-effective and productive.