Intelligent CIO Middle East Issue 78 | Page 53

FEATURE : BYOD lockdown orders , many organisations across the globe were forced to adopt the work from home culture and by default , they leveraged BYOD due to the lack of resources and the time to plan for alternatives . as their employees connect to the business ’ internal networks and systems ,” he said .
Designing a BYOD policy
“ These past few months have allowed organisations to witness first-hand the benefits of BYOD as employee productivity , collaboration and customer service improved because all the requisite apps and corporate content were securely accessible at any time , from anywhere ,” he said . “ That ’ s why even as the restrictions are being lifted , leading companies across industries are still allowing employees to work from home . They are even considering this as a long-term plan since it allows a company to hire employees from any part of the globe , without requiring them to relocate .”
Expanding attack vectors
As attack vectors continue to expand CIOs and the IT teams they lead are under pressure to develop and design comprehensive BYOD and device management policies .
Vaidyanathan said more often than not , BYOD involves unmanaged personal devices that do not meet the corporate security guidelines for accessing businesscritical data , making them vulnerable to a breach .
“ For drafting a BYOD policy , organisations must start by identifying the requirements of the workforce and setting clear objectives about the policy . Keeping privacy and compliance laws in mind , they need to maintain transparency by informing their employees about the extent to which the organisation can monitor the devices ,” he said .
With organisations adopting the work from home culture and leveraging BYOD due to lack of resources and time to plan for alternatives , Vaidyanathan said there are a few key legal issues that should be considered while developing and implementing BYOD policies .
Bethwel Opil , Enterprise Sales Manager , Kaspersky in Africa
Opil said in truth , personal devices pose a host of potential threats – which may also be related to , for example , device theft , hacking of a home network or computer . “ And the question that CIOs and IT leaders need to ask themselves is : should the protection of personal devices – that are used for work purposes and connected to the corporate network – be entrusted to the device owners alone ,” he asked ?
He observed that whereas corporate servers and workstations are , on the whole , reliably protected , the personal laptops , smartphones and tablets of employees do not always fall within the remit of the IT security department .
“ Instead , it is assumed that owners are responsible for the security of their personal devices . This is a potentially dangerous approach , as not only does this play right into the hands of cybercriminals , but it assumes that employees have the know-how and resources to secure their personal devices and home networks ,” he said .
Hennah pointed out that to better manage the cost and security consequences for the business – and to ensure there isn ’ t an uncontrolled proliferation of personal devices connected to corporate resources – businesses must look at deploying an EMM policy and strategy . “ An integrated EMM solution should go beyond mobile device management and look at helping a business extend their mobile working , by empowering the business to manage , monitor , secure and support all sorts of mobile devices and remote access points ,
“ Firstly , BYOD policies should clearly define the acceptable use policy to ensure the employers can limit their liability due to employee misconduct on personal devices . Secondly , based on the country ’ s labour laws , the organisations should outline offtime reporting policies for non-exempt employees who use personal devices for work-related tasks , to avoid penalties and overtime charges . Thirdly , strict prohibitions should be placed on jail breaking and rooting devices to secure business-critical data from the associated security risks . Finally , organisations should include details about how the liability is apportioned between the employers and employees for the loss , theft , or damage to personal devices ,” he said . p

FOR DRAFTING A BYOD

POLICY , ORGANISATIONS MUST START BY IDENTIFYING THE

REQUIREMENTS OF THE WORKFORCE AND SETTING CLEAR OBJECTIVES ABOUT

THE POLICY .

www . intelligentcio . com INTELLIGENTCIO MIDDLE EAST 53