BYOD: The why and the how
by Mirko Zorz - Editor in Chief - Friday, 21 June 2013.
Fortunately, mobile devices in the corporate environment have become sufficiently common that best practices are developing to assist a CSO in identifying the provisions that should be in their mobile device policy. These include:
  • Security awareness training/education
  • Acceptable use
  • Operating system security
  • User responsibilities
  • Access control
  • Data handling
  • Individual responsibility if co-mingling personal and organization data on the mobile device
  • Constituent accountability
  • Secure disposal of device at end of life
  • Vulnerability management
  • Responsibility for ensuring mobile device operating system is updated
  • Responsibility for ensuring mobile device applications are updated
  • Reporting information security incidents in the event of loss or theft
  • Prohibit sharing a mobile device with other users, including family and friends
  • Ownership of data on the device
  • Legal ownership and rights of the mobile device
  • Specific actions that the organization may take in the event of a lost/stolen or compromised mobile device (e.g., remote disable, remote wipe, confiscation)
  • Data sanitization of (organization) data, settings and accounts on the mobile device at end of life
  • Creation and use of mobile hotspots on an organization's premises (BYON - Bring Your Own Network)
  • Consequences for non-compliance with mobile device policy
  • User authentication on the device
  • Device encryption.
The content of each of these provisions will certainly vary based on a company’s risk tolerance, what they allow employees to do with mobile devices and, to a large extent, the regulatory environment in which they operate.

Nonetheless, CSOs should consider the development of a thorough and robust mobile device policy at the very core of their ability to manage the risks associated with these devices. Of equal importance is implementing the business practices and procedures which are necessary to support these policies.

What BYOD-related issues can we expect to grab the spotlight in the future?

As criminal enterprises continue to target mobile devices as their vehicle to access company systems and data, incidents related to mobile devices will continue to grow. One of the biggest issues in addressing this problem is the constant evolution of mobile technology. CSOs will be required to allocate a growing amount of their budget to develop and maintain the resources necessary to keep pace with changes in technology and increased threats.

