As you know, the COVID-19 pandemic has completely changed the way many businesses operate. Office buildings, schools, and banks tell their workers to stay home to protect them from catching and spreading COVID-19.
The challenge we face is the nature of home PCs and tablets, also called Bring Your Own Device (BYOD) computers. To meet this challenge your company needs strong and thorough BYOD policies in place. We made the change to “Work at Home” so quickly that even good “BYOD policies” need to be updated in light of these new challenges.
SO, time to review your policy.
When you are looking at your own BYOD Policy, make sure yours is addressing these concerns:
Different Devices and Operating Systems
With individuals working from home, they will often be using their own personal devices which may not use the same operating systems like the ones they would use in the office. This can include personal laptops, phones, tablets. The differences can make it harder to manage your business’s data and important documents, and your employees’ usage of your operating systems.
The really hard part is that at home, we often don’t update our computers properly, so they have insecure operating systems, no anti-virus, and generally pose a threat to your company.
Making sure your BYOD plan has Mobile Device Management solutions in place, such as Microsoft Enterprise Mobility, can help fill the gap between different processing systems. This will allow you to better manage your business’s permitted devices, even if those devices are employee-owned.
Data Leaks
With more employees working from home, your business’s data and applications will be on multiple devices that may not have the same protection as the ones they would use in the office. You will want to ensure that your BYOD policy addresses two main concerns:
- That your company’s sensitive information and applications are protected from unauthorized users and
- that your employees’ personal information is protected.
Since both business and personal data will be stored on the same device, it is important to address the business data integrity while protecting your employees’ privacy.
One solution is to store your company’s data in an encrypted container, which will allow you to control who has access to the data while allowing your employees’ personal information to remain private. This also ensures that other employees or Mobile Device Management programs only have access to information that is specific to your business.
Secured Network
With employees working remotely, you want your company’s resources to be available to your employees from anywhere at any time. This allows your employees to be more productive and ensure that they have everything they need to complete the job.
Remote Desktop Servers are an even better solution. They can provide your home user with access to their office PC, keeping all the files on the Office Network. This can help with Exfiltrations of data and keep the network pristine. Be careful with these. If they are setup wrong, they are a major source of attacks through port 3389.
Having an Action Plan for Stolen or Lost Devices
Being prepared for the unexpected can help your business overcome sudden emergencies. When an employee loses or has their device stolen, this puts your company’s sensitive information at risk. Having a game-plan in place can help your employee know what to do to protect the company’s data from being jeopardized.
One way to secure your company’s data is by having remote security commands in place. This not only allows you to track the location of the device, but you can also remotely lock them or wipe them clean of company data. Other special features of remote security commands include giving you access to their lock screens in which you can display customized messages or contact information, should a good samaritan find it.
Also, if a mobile device is encrypted, and then misplaced, you do not have to report a HIPAA breach. Encrypted devices are considered un-hackable, and therefore not a breach when lost.
Additional Considerations
- Security Testing should be done on systems that will be used on the personal devices of an employee. This will ensure they are thoroughly protected against unauthorized users.
- Have a plan for potential security breaches. Hackers are smart and computer viruses keep evolving. It is important to have a back-up plan in case an employee’s device gets hacked. Additionally, have a designed and tested Incident Response Plan, so your people don’t destroy evidence of the hack. Such a plan can help you prove that data was not exfiltrated in the attack, and save you hundreds of thousands of dollars in unneeded ransom payments.
- Provide Training for Your Employees Concerning Internet Security. Helps make them more aware of the risks and allows them to make decisions, such as whether or not to install antivirus software on their devices.
- Do your research before investing in a Mobile Device Management System. There are many different options and you want one that targets your needs. Need help deciding which one will work for your team? Integris can help!
- Make sure your team is aware and fully understand your BYOD Policy.
IT Solutions When You Need Them Most
Integris has been helping the businesses of Fort Worth and Dallas keep their data secure, their systems up and running, and provide solutions to their IT needs since 2008. Our team never backs down from a challenge.
All businesses need a strong IT team to keep their business up-to-date in this fast-growing digital environment, and our team is ready to help you! Contact Integris today and find out why more people are relying on our IT experts!
