CloudOgre

844-OGRE-NOW

The 7 key elements of a BYOD Policy

by

 

BYOD Policy is a first step to safeguarding your data.

Your BYOD Policy can mitigate risk of loss of IP and other key data.

 

These days all businesses large and small need to have a BYOD Policy in place. A BYOD Policy alone won’t protect your communications, Intellectual Property, or your network but it should outline employee practices that lower the likelihood that a breech will occur.

It’s hard to keep the C-suite from using their iPad Pro for work, especially while traveling. It’s just easier! It’s just as difficult to get a new hire millennial to use a company issued iPhone… God forbid it’s not the latest version and brand new. They make a great point, a newer and fully updated device should be more secure than older devices.

Here are 7 elements that you’ll need to consider when putting together your BYOD policy:

  1. The employee exit – Whether an employee leaves on their own or are asked to leave, you’ll want back whatever info they have about clients and intellectual property. There are ways to simply wipe data with O365 and more comprehensive tools that you can reach out to us to discuss. Either way, you’re going to want to develop a plan starting with the worst in mind (a rogue employee looking to take your data, ideas, and log-ins) and create a plan to protect yourself.
  2. Acceptable devices – Devices aren’t equally effective or secure. Defining a set of parameters for your BYOD policy that speaks towards devices is important. Mobile Device Management platforms like IBM’s MaaS 360 is more flexible on Android devices but more secure on Apple devices. Additionally, you’ll want to define what browser to use e.g. Safari, Internet Explorer, Firefox, or Chrome. Taking advantage of cloud technologies like VDI can create a homogenous platform across your organization. Click here to learn best practices for incorporating cloud services into your BYOD environment. You’ll also want to consider reimbursement policies for employees using their own devices for work.
  3. Firewalls and Antivirus – Employee laptops that have old anti-virus software that hasn’t been upgraded will put your network at risk. Similarly, if you don’t set up your firewall properly you can put your employee’s devices in jeopardy. Network based firewalls are an awesome compliment to traditional premise based firewalls. Assigning quantitative values to potential data breaches will help you define both your BYOD policy and security strategy. How much will it cost you if you can’t log into your network or if an employee steals your customer list? Both employee and employer responsibilities should be defined clearly.
  4. Websites and Applications – Now that you’ve outlined what devices will be interacting with your data over your network, you’ll want to define what applications and websites are cool and which are NSFW. Some apps request information that you may not want your employees sharing, like contacts. The last thing you want is that rogue employee adding a key customer contact to their inappropriate SnapChat or Instagram. With security concerns on the rise from the plethora of recent hacking incidents including banks whose websites have been spoofed, you’ll want to be clear with employees, as well as, with your firewall settings. Should employees save information to their device or do you have a central storage system set up? Click here for more on data storage in a BYOD environment. Ideally, you’ll want to segregate personal and private data as much as possible.
  5. Assigning Permission – Every employee doesn’t need access to all of your information. Defining what team or individual is responsible for and has access to certain data will allow you to manage and mitigate risk. A system of checks and balances should be created so that information isn’t silo’d in one area, and inaccessible to key decision makers. For example, only the network admin should know your firewall password but, in case that person is let go or “gets hit by a bus” (God forbid but it is something to consider), there must be someone else that has that information and can change passwords immediately if necessary. If you’re a sole-proprietor, you’ll want to keep those passwords handy and set up alerts if changes are made.

    Rogue employee taking advantage of lax BYOD Policy

    Are you worried about theft of IP over a BYOD environment you can’t control?

  6. Human Resources – Now that you’ve secured your network and data with tangible steps in your BYOD Policy you’ll need to look at things from less of an IT perspective and more of an HR perspective. How invasive is your monitoring allowed to be? How do you determine if Intellectual Property created by an employee on their device should be company property? How do you handle hourly employees that have second jobs in a similar field where work may overlap? Most device management platforms allow for monitoring tools and storage that can easily keep work-related and personal items distinct.
  7. Legal – Where does the liability lie? We all love our lawyers (Maybe a hint of sarcasm) and here’s where they’ll need to be involved in the process. Earlier I mentioned that there are two pieces to the puzzle. The employer can put an employee at just as much risk as the employer. Think of the incident when an organization’s data isn’t secured allowing hackers to steal employee social security numbers, birth dates, and other key personal information. A BYOD Policy is not effective unless its written down and agreed to, via signature, by both parties. I’d even go as far to say NDAs and non-competes should be incorporated into your company’s BYOD Policy.

 

Today, everyone is vulnerable. The lists of recent attacks are crazy! Dude, HBO Got hacked and they stole the Game of Thrones episode with the Dragons fighting White Walkers! #GOT – The list of hacks also includes the various departments of government, Equifax, Target, Instagram, Red Cross Blood Service, and the list goes on. Check out a cool visual list of the largest data breaches and hacks here. As this is happening, users expect things to work seamlessly, securely, and flexibly to include their devices on your network. How will your BYOD policy be written to make your business less vulnerable to loss of secure data to hackers and employees gone bad?

So now that you know how to put together a BYOD Policy, the questions is, how will you enforce it? Will you be proactive and use the correct tools to keep your company and employees safe from cyberattacks and security breaches? Without the right tools in place you’re really leaving this up to trust and the recourse that law allows. If you need help evaluating what measures you can take using the latest technology, please contact us here.

 

 

Apple Keynote September 2017 and its impact on Cybersecurity

by

https://youtu.be/mW6hFttt_KE

On September 12th Tim Cook took to the stage to deliver the Apple Keynote at the Steve Jobs theater announcing the release of the iPhone 8, 8 Plus, iPhone X, Apple TV, and Apple Watch. Check it out. From a consumer’s perspective, they look really cool with their giant screen and augmented reality capabilities. From a business perspective, nothing was done to address concerns around cybersecurity.

With the recent hack of Equifax and the failure of the company to manage the hack, cybersecurity should be on the forefront of everyone’s mind. We live in an age when the new battleground is digital, when we are worried about our election being hacked by a foreign government. There was a lot of hubbub around Hillary using a private email server but many cybersecurity professionals are saying that was the safest thing to do since the server she was supposed to be using was known to be hacked… I mean cmon there’s a target on that.

Apple itself was recently involved in a security scandal which shed light on its vulnerabilities. No surprise this wasn’t discussed at the Apple Keynote. When the government asked them to open up the phone of the crazy in San Bernadino, Apple refused and the government got in the device anyway. That raised The People’s Eyebrow (channeling my inner Rock).

iPhone is supposed to be wiped after certain number of attempts.

Backdoor into your iPhone?

Back in March, Wikileaks reported that the NSA is using popular devices to spy on people using a backdoor. Same stuff Snowden reported long ago. We’ve heard the concerns with Amazon’s Alexa which you can read about here. These backdoors create huge concerns for the CISO, especially in a BYOD environment. The cool factor will create a vulnerability that can be managed using Mobile Device Management. Check out our post on Enterprise Mobility management here.

The core of CloudOgre’s business is in connectivity and that goes all the way up to the device. It’s easier to secure transmissions over fiber because you own the end device and can manipulate them. The same isn’t true, at least at the consumer level, for Apple phones. Apple is a closed environment which requires an application layered on top of the OS to manage security. For example, IBM MaaS360 or AirWatch.

As a professional in the enterprise technology space, it’s interesting to see how the cool factor has taken precedence over security. Blackberry is struggling to stay alive because their focus was on security. Apple’s focus seems to be around the user making the phone bigger, cooler, easier to use. Without any new mind blowing tech, the wow factor was still the focus of the Apple Keynote.

Even without Steve Jobs’ presence, the Apple Keynote was dynamic. Yes there was a point when the facial recognition didn’t work but that was a good thing since it was actually a protection issue caused by too many folks handling the device. Apple stock dipped which was odd but I’m sure there will be many pre-orders of the iPhone 8, iPhone 8 Plus, iPhone X even with a thousand-dollar price tag (aka a rack, stack, g, or a grand), and the Apple Watch which has cellular built in for greater detail in telemetry and biological inputs like the heart rate monitor… Keyword ‘monitor’.

To conclude, the marketing was great. Looks like they’re trying to create a middle ground by introducing the iPhone X with a higher price tag driving consumer behavior toward the 8s. There are concerns that the OLEP screens may cause a supply issue. My concern, as usual, is around security. Yes you may need to sleep with your girlfriend wearing a mask. Seriously though, when you’re in the chair of a CISO… it’s not so funny. Security first!

Want to talk more about this in your business environment? Contact us here.

 

Want an ogre in your inbox?

1615 S Congress Ave, Suite #103
Delray Beach FL 33445
↑ Top of Page