A BYOD strategy is the best way to address the considerable risks that come with employees using mobile devices for work. One thing that users like about their mobile devices is that they are small but nonetheless powerful, but that combination has a lot to do with the risks they pose. Something that can fit in a pocket can easily be lost or stolen, and when a stolen or lost device has massive amounts of storage that contains lots of data, both personal and work-related. That’s where the problem lies.
A growing risk is mobile malware. I can think of four major mobile malware threats attacking ActiveSync-only devices: YiSpecter, Stagefright, Keyraider and XcodeGhost.
So what form should your BYOD strategy take? Start with some common-sense practices. Have your employees become human firewalls by educating them about the risks that come with mobile devices — not just smartphones, but also USB drives, microSD cards and devices that are part of the Internet of Things. Make them adhere to security best practices such as using strong passwords, saving sensitive information to a device only if it is necessary, encrypting data (at rest and at motion) whenever possible (Google can show you how), applying OS updates, never connecting to an unsecure network and regularly backing up important data locally (which doesn’t mean in the cloud on services such as Google Drive or Dropbox).
But while your BYOD policy won’t succeed without the active cooperation of your users, it can’t be entirely dependent on them. That’s where enterprise mobility management (EMM) systems come in.
EMM systems are what mobile device management (MDM) systems have evolved into as the technology has advanced. EMM systems help you keep straight who has employee-owned devices as opposed to company-owned devices, and more importantly, they help protect a company’s digital assets (data). One of the most important developments since the days of MDM is the ability of EMM systems to create secure containers to hold all corporate files, other sensitive corporate data and approved mobile applications. (The applications are likely to be restricted to those that have been approved, because today’s EMM systems typically restrict users to applications from the company’s enterprise app store.) Containers solve a big BYOD headache, because they separate personally owned data from company-owned data. So, if a device were to be lost, stolen or used in a way that was against corporate policy, the secure containers can be remotely wiped. In addition, some EMM systems can fight off malware or at least monitor it (whether a device is jailbroken/rooted or not).
EMM vendors support not just large enterprises, but also the SMB market. Most offer free trials, which should make it easy for you to persuade leadership to set up a proof of concept. To convince them that EMM will be a good investment, show them the value of assets that are now being accessed on employees’ mobile devices and fill them in about the growing problem of mobile malware. They’ll probably see the light.