Initially, it is good to conceptualize what BYOD is. It is an acronym that comes from the English phrase: Bring Your Own Device, which translates to: Bring Your Own Device. It is a practice adopted by many companies, where employees work with private equipment to perform corporate activities. Whether in the home office or in the office itself.
This practice can be good for the company, which will not have the investment of acquiring/updating hardware, and for the employee, who will probably work with good quality equipment, without having to have equipment for personal demands and another for work.
This benefit of using the same equipment for private and corporate demands also brings risks that need to be understood and mitigated. Below we highlight:
- Loss or theft of devices: It is thought that the user may have more displacements with the equipment. As you can take it to and from the company, for external meetings, and you can also take it on vacations or private social events. In this way, the risk of a loss or theft ends up being greater.
- Equipment without management: Can you imagine if the equipment is without antivirus or without updates? You may be exposing your company data. As private equipment, the risk of losing the management of these equipment is greater.
- Organization of working hours: When will the user be working and when will they be using it for leisure?
Good security practices
We will focus on making suggestions to minimize security risks. We emphasize that it is important to consult your accounting and legal department for the correct implementation of this working relationship.
Here are some relevant points:
- Restricted access to equipment – Apply a unique password, with complexity to log into the equipment. It is also recommended to enable the disk encryption feature, to prevent them from removing the hard disk from the equipment, plugging it into another one and gaining access to the data.
For more information on creating more secure passwords, see this article: Errors We Can Avoid When Creating a Password – Blog – Ravel Tecnologia
- Authentication for corporate access – In addition to the equipment authentication mentioned above, have another validation process for accessing corporate data. If possible, even have this process with double authentication (use of MFA).
- Access restriction – Analyze the information that will need to be accessed and configure so that only that information is available. In other words, avoid giving access to what is not needed.
- Updated programs – Use original programs and always keep them with the latest version applied. One of the functions of updates is to apply fixes for security holes.
- Protect yourself – Provide a antivirus corporate, with management being done by the company’s IT team.
- have backup – Even with all the protection and adoption of best practices, always have an automatic backup schedule active.
- Awareness – Provide educational materials for staff to use in adopting best practice the equipment.
To learn more about good digital habits, go to: Digital Habits and Security – Blog – Ravel Tecnologia
Secure management of a structure using BYOD may seem complex, but there are tools that centralize and facilitate this mission. This is one of the resources that the IT Management contract that Ravel provides to companies. Centralized management of antivirus, updates, software, among other equipment points.