FEATURE : BYOD
six-months of time to settle into the ‘ new normal ’, there has been a notable mindset change by employers and employees alike , towards the office versus remote working , with more now favouring the later ,” he said . “ While not all organisations will adopt complete remote working strategies , as this will largely be determined by the type of business and influenced by different staff profiles , we do expect to see flexible and remote working structures becoming a lot more mainstream post-Coronavirus .”
Ananthakrishnan Vaidyanathan , Product Manager , ManageEngine , said with the onset of COVID-19 and lockdown orders , many organisations across the globe were forced to adopt the work from home culture and by default , they leveraged BYOD due to the lack of resources and the time to plan for alternatives .
“ These past few months have allowed organisations to witness first-hand the benefits of BYOD as employee productivity , collaboration and customer service improved because all the requisite apps and corporate content were securely accessible at any time , from anywhere ,” he said . “ That ’ s why even as the restrictions are being lifted , leading companies across industries are still allowing employees to work from home . They are even considering this as a long term plan since it allows a company to hire employees from any part of the globe , without requiring them to relocate .”
Expanding attack vectors
As attack vectors continue to expand CIOs and the IT teams they lead are under pressure to develop and design comprehensive BYOD and device management policies . reliably protected , the personal laptops , smartphones and tablets of employees do not always fall within the remit of the IT security department .
“ Instead , it is assumed that owners are responsible for the security of their personal devices . This is a potentially dangerous approach , as not only does this play right into the hands of cybercriminals , but it assumes that employees have the knowhow and resources to secure their personal devices and home networks ,” he said .
Hennah pointed out that to better manage the cost and security consequences for the business – and to ensure there isn ’ t an uncontrolled proliferation of personal devices connected to corporate resources – businesses must look at deploying an EMM policy and strategy .
“ An integrated EMM solution should go beyond mobile device management and look at helping a business extend their mobile working , by empowering the business to manage , monitor , secure and support all sorts of mobile devices and remote access points , as their employees connect to the business ’ internal networks and systems ,” he said .
Crafting a BYOD policy
Vaidyanathan said more often than not , BYOD involves unmanaged personal devices that do not meet the corporate security guidelines for accessing business-critical data , making them vulnerable to a breach .
“ For drafting a BYOD policy , organisations must start by identifying the requirements of the workforce and setting clear objectives about the policy . Keeping privacy and compliance laws in mind , they need to maintain transparency by informing their employees about the extent to which the organisation can monitor the devices ,” he said .
With organisations adopting the work from home culture and leveraging BYOD due to lack of resources and time to plan for alternatives , Vaidyanathan said there are a few key legal issues that should be considered while developing and implementing BYOD policies .
“ Firstly , BYOD policies should clearly define the acceptable use policy to ensure the employers can limit their liability due to employee misconduct on personal devices . Secondly , based on the country ’ s labour laws , the organisations should outline off-time reporting policies for non-exempt employees who use personal devices for work-related tasks , to avoid penalties and overtime charges . Thirdly , strict prohibitions should be placed on jail breaking and rooting devices to secure business-critical data from the associated security risks . Finally , organisations should include details about how the liability is apportioned between the employers and employees for the loss , theft , or damage to personal devices ,” he said . •
Opil said in truth , personal devices pose a host of potential threats – which may also be related to , for example , device theft , hacking of a home network or computer . “ And the question that CIOs and IT leaders need to ask themselves is : should the protection of personal devices – that are used for work purposes and connected to the corporate network – be entrusted to the device owners alone ,” he asked .
He observed that whereas corporate servers and workstations are , on the whole ,
48 INTELLIGENTCIO www . intelligentcio . com