There’s no denying that mobile devices have had positive effects on employee productivity and morale. Thanks to smartphones and tablets, people can work during their commute or over breakfast at home. But the problem is they are much more likely to get lost or stolen than their deskbound cousins. What’s more, if you let employees use their own devices for work by way of a bring your own device (BYOD) policy, then there’s another dimension to worry about, since you have less control over them.
Why data encryption is critical for corporate security
Corporate data should always be encrypted, both when it’s in transit and in storage on any device that leaves a secured office environment. If employees use their own devices to connect to your corporate network, it’s crucial they’re as tightly secured as company-owned devices are. That’s why employees who opt to use their own devices must sign an agreement after reviewing your BYOD policy. This policy should clearly state that the company retains the right to encrypt corporate data stored on the device and to remotely wipe or reset the device in the event it’s lost or stolen.
Because there’s an increased risk of mobile devices ending up in the wrong hands, you need to be prepared for the worst. After all, the cost of losing the device is nothing compared to having confidential corporate data exposed to anyone. In fact, given the risk involved, many businesses are legally obligated to keep data on mobile devices encrypted. For example, HIPAA- HITECH and DFARS regulations make it a legal requirement to encrypt patient health information (PHI) on portable devices and during transit over public networks.
Without encryption, any compromised mobile device can yield a trove of confidential corporate data. The same also applies when data is in transit across an unsecured network, such as an open wireless network. However, encrypting the data using 256-bit advanced encryption systems will make it completely useless to unauthorized users. In fact, it would take all the world’s supercomputers up to 3×1051 years (that’s 10 followed by 51 zeros) to ‘guess’ the correct encryption key in such a case. A lost encrypted device is not considered a reportable event to many agencies.
5 Things that every BYOD policy should include
If you want to save costs and increase productivity by letting your staff use their own devices for work, then a BYOD policy, enforced by a mobile device management (MDM) solution is crucial. Employees who wish to enroll in the program will need to be prepared to agree to the following:
- To use multifactor authentication, including PIN-protected lock screens, strong passwords, and regular password updates.
- To allow the remote wiping of company information from lost or stolen devices while taking the best possible care not to delete personally owned data.
- To allow you to encrypt the entire device or, at least a dedicated partition on the device used for work-related apps and data.
- To avoid jailbroken devices, and disallowed apps and operating systems.
- To allow administrators unhindered access to and control over corporate apps and data stored on the device.
Finally, no BYOD policy will be enforceable without mandatory security awareness training. Even with all the technological safeguards in the world, humans are usually the weakest link when it comes to security, so the most important step is to educate your team on threats and how to mitigate them.
F1 Solutions can help you make the right decisions for all of these topics based on your unique environment. Contact us today if you’re ready to lock down your sensitive data.