This post is from the Apperian blog and has not been updated since the original publish date.
Mitigate Risk by Educating Your BYOD Employees
BYOD security strategies often include firewalls, VPNs, passwords, and other technical measures. The one thing they often don’t account for is the users. Whether it’s tapping into an unsecured WiFi network or letting a friend borrow a phone, BYOD users are often their own biggest security threat.
When it Comes to BYOD, Never Assume
A 2013 survey of 1,000 US office workers conducted by Opinion Matters found that an alarming 95.6% of respondents admitted to using public WiFi to perform work tasks on their tablet or smartphone. What is perhaps even more alarming is that more than one-third also admitted to connecting to a public WiFi network at least 20 times per week. These figures point to a significant disconnect between the reality and expectations of organizations supporting BYOD. As much as we’d all like to assume that all BYOD employees are well versed in basic security practices, the survey results show that this simply isn’t the case.
Education: Start with the Basics
While having employees sign a BYOD policy is a good first step, it is no replacement for training. Before entrusting employees with mobile enterprise apps and sensitive data, it is critical that they are formally made aware of basic mobile app security. In training, focus on best practices rather than delving into highly technical material. Illustrate the importance of constructing strong passwords as well as the dangers of connecting to unsecured WiFi networks. Cover best practices when it comes to suspicious emails and attachments, and give employees guidance on what to do if they think their device has been compromised. Keep in mind that many mobile users simply aren’t aware of mobile security dangers, and a short training program or course will go a long way in curtailing risky behavior.
In addition to education, enforcement is also an important piece of the BYOD puzzle. Implementing consequences for non-compliance may sound tough, but it also sends a clear message to BYOD users that data security is a serious matter. While there is no one-size-fits-all enforcement strategy, many organizations are incorporating BYOD compliance into performance reviews and have policies in place to revoke BYOD privileges in the case of non-compliance.
Continuous Education is Key
Technology, as we all know, pushes forward at an unrelenting pace. As advances in mobile technology and apps bring new opportunities, they will inevitably be accompanied by a few additional risks. With that in mind, continuous education to keep BYOD users up to date with the latest mobile security threats should be a part of your overall IT security strategy.