Understanding Your BYOD Policy

Tuesday, August 28, 2012

Robert Siciliano

37d5f81e2277051bc17116221040d51c

An employee may pay for their device and its monthly plan, but employees who use their personal devices at work should be required to adhere to a Bring Your Own Device (BYOD) policy that sets the ground rules.

If you choose to use your personal device for work purposes at any time for any reason, then your employer will more than likely want control over that device.

This means like in a company mobile liability policy, the employer may have remote capabilities to monitor activity and in the event of loss or employee termination, wipe the data.

The day after you get your new and shiny mobile or tablet, chances are you’ll take it right to work and request the IT department set it up with your email and access to the company network. And as more and more companies agree to this, they are also requiring you to agree to their terms as well.

Expect an acceptable use policy. This is one that is governed by the company’s CIO and others basically telling you what you can and can’t do. Read it carefully because once you sign it, your job will be on the line of you don’t abide by it.

Running in the background will be an application that you will be required to download and install. This app may have a certificate authenticating you and the device to connect to the company network and run company programs.

The installed application should provide the enterprise the ability to essentially remotely control your mobile at some level. I wouldn’t be concerned about this unless of course you’re not abiding by the agreement you signed.

At a minimum expect the application to have the ability to locate your mobile if its lost or stolen via the phone’s GPS, lock your phone locally whether you want to or not, (by default you have to choose 1-5 minutes). 

Mobile security software apps should also remotely wipe your mobile of all its data. Having encryption, antivirus and a firewall is a key factor in protecting data.

Robert Siciliano, personal security expert contributor to Just Ask GemaltoDisclosures

Possibly Related Articles:
5752
Policy
Information Security
Authentication Enterprise Security Access Control Data Loss Prevention Mobile Devices Employees Policies and Procedures GPS BYOD
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.