Can BYOD Work for Your Municipality?
The information contained in this article is not intended as legal advice and may no longer be accurate due to changes in the law. Consult NHMA's legal services or your municipal attorney.
BYOD (Bring your Own Device) has created a true anytime/anywhere work environment, and with device prices falling and features growing, it is no wonder that BYOD is becoming so popular. It is estimated that in 2016, approximately 38% of employers will stop providing computers to their workforces and will become entirely BYOD. As we are making decisions based on productivity, it is also important we still consider security and compliance. Your mobile/smart phone is essentially a computer in your pocket. You know BYOD comes with risks, so you need to consider what the vulnerabilities are, and what you need to have in place to protect yourself.
Before implementing BYOD, let’s look at the pros and cons involved.
Advantages
Better equipment: Is your employees’ home equipment frequently newer than what you provide them with at the office?
Familiarity: Perhaps employees are familiar with their MAC, but not the Windows environment or vice versa; this familiarity may require you do to less training.
Simplicity and accessibility: Employees may not want to carry two phones, and they will always be reachable on their personal device, while they may leave dedicated work devices behind.
Disadvantages
Data loss, whether intentional or not is a large concern.
The need to keep all public records on the private network.
Loss of control.
Risk of losing the device itself.
Employees actually following written policies.
Now let’s look at the three things you need to have in place to make BYOD a success at your workplace.
Written Mobile Policy: A policy is an absolute necessity if your program is going to work. It must be clear as to what is acceptable and what is not. It should include things like who can bring their own device and whether it be fully or partially paid for. In addition, lay out the procedure for reporting lost or stolen devices and the consequences for not complying with the policy. It is also important to define how to get a device approved and what happens when the employee departs. There is a lot detail that will need to go in to this policy, and your town’s unique needs and compliances will define it.
Mobile Device Management (MDM) Software: Software to manage all of these devices will be absolutely essential in managing this program. There are many companies that can provide MDM Software, or the management service, to you. You will need to research which solution works best for your needs. Modern MDM Software can minimize most disadvantages/risks that we discussed above. You will be able to monitor all devices across multiple operating systems, push policies, limit apps that are available, remote wipe devices, set and control security preferences per user, and so much more. Another feature is the ability to run two environments on one phone or tablet: log in one side and you are on your personal phone; log in to the other side and you are on your corporate environment. This would be very beneficial if you ever had to wipe the phone because you’d be able to wipe the corporate environment only. If you are staffed with your own IT department, you will need to discuss this type of software. If you do not have your own resources, you may need to reach out to an expert.
IT Administrative Training: You may need to look in to additional training for your current IT staff, especially if you are implementing new MDM software. You would need to set up a testing account and let your staff play with their own devices prior to launching.
While you are making your official decision on BYOD, you may already have phones or tablets connecting to your network. At an absolute minimum make sure your employees are utilizing the basic security features that are most likely built in to their device, listed below.
Enforce a strong passcode to access the company’s network. Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols, and at least one number. On a cell phone, requiring a passcode be entered will go a long way in preventing a stolen device from being compromised.
Require all mobile devices be encrypted. Encryption is the most effective way to achieve data security. Encryption scrambles data so it can’t be read by unauthorized users. iPhones encrypt data by default when you turn on a passcode. On Android devices, you often have to turn on encryption separately. Depending on which version of Windows your laptop or tablet is running you can also turn on the built in encryption.
Make sure they can remote wipe their phone. Enable ‘find my phone’ features: Apple’s Find My iPhone and Google’s Android Device Manager help users locate lost phones and allow them to delete data from stolen ones. Additionally make sure the employee has a backup of their personal files, pictures, etc. so if someone does have to wipe the device, their data is not lost forever.
Keep the devices software up-to-date. Thousands of new threats are created daily, so it’s critical that you’re updating your mobile device’s security settings frequently.
While mobile devices have enhanced the work environment and created better productivity, employers need to remember these devices have created new security challenges and vulnerabilities. These devices need to be managed and treated the same way you have always treated traditional desktop PCs. So long as you are managing the risks, there is no reason that your municipality cannot support a BYOD policy. BYOD is about being innovative and helping your employees work better.
Tim Howard is President and CEO of RMON Networks located in Plaistow and Laconia. For free security tools and resources visit www.RMONNetworks.com/informationsecurity.