Bring your own device (BYOD) policies have always brought some security issues for companies, but this CIO presents it in an entirely different angle.
We know that workers may not have a good sense of how important confidential corporate data is, but Day did not point to security issues as the main concern with BYOD. For the Coast Guard, it’s a matter of reconciling work and personal data in case of an emergency situation. If a personal device is cleared of all sensitive data, it would include personal data as well.
“There’s the issues of what if I wipe your device and you lost all the pictures of little Susie and little Johnny and they weren’t backed up? We’re going to have to have some policies that go into place with this and figure that piece out,” Day said.
Choosing the right template
Obviously, your company may not have the same type of security concerns that a branch of the military may have, but your company’s data is just as important – especially on the Finance side. Therefore, security needs to be a main priority if your employees have a desire to bring their personal devices, or devices purchased especially for work, into the office.
Plus, the last thing you want to do is handle a tricky situation where an employee’s baby pictures get deleted before he or she had a chance to back them up!
- Passwords must be up to snuff. Require every device to have lock on the phone that requires a pin, password or gesture. For all business apps that require a password, require that passwords are least six characters and a combination of upper- and lower-case letters, numbers and symbols. Require passwords change every 90 days.
- No downloads that aren’t approved. Have IT prepare a list of acceptable apps that may be downloaded onto a mobile device. If you’d like to allow exceptions, consider letting employees submit a request to IT that details why they need the app for approval.
- When the device can be wiped. Establish conditions that will lead to an employee’s device being erased: If the device is lost, if the employee terminates his or her employment or if IT detects a data or policy breach, a virus or similar threat to the security of the company’s data.