and have control over what happens . As an example , an individual cellphone connected to internal wireless networks could have malware on it . That individual can inadvertently download it and infect a company ’ s network . This is just one of the many reasons for having the policies in place ahead of time .”
When Lause devises BYOD policies , he begins by leading clients through a discovery process , which includes determining their needs , figuring out what they are trying to protect , defining their framework for security , and assigning protocol . “ It ’ s vital for companies to consider why they want BYOD in place and to examine their needs and concerns ,” Lause says . “ This is the most important item to decide upfront . For example , is it to improve workplace productivity or is it to make a network more mobile ? Whatever the reason , a BYOD policy should be designed to optimize goals and be based on a strategy .”
THE 4 ESSENTIAL ELEMENTS OF A BYOD PLAN
Once clients go through the discovery process , it ’ s time to map out a detailed plan , which includes consideration of four essential elements : security , privacy , updates , and education .
“ The mobile device policy is a place to outline the safeguards a company has in place and what they reserve the right to do with them to protect the good of the company ,” Lause says .
“ This includes things such as protecting mobile devices with passwords , requiring applications to be approved before being installed , and policies for lost devices or how you ’ ll remove data when an employee exits , among others .”
When instituting these guidelines , there are some areas that you ’ ll walk a fine line when addressing , such as privacy and updates . “ If you choose not to include things like mandating system updates in the BYOD policy , you at least want to make a provision that the employee will be liable if data is stolen as a result of their device not being kept current ,” Lause advises .
He also stresses that everyone be educated on the policies and restrictions in the BYOD policy . “ If employees don ’ t understand , don ’ t have the ability to ask questions , or don ’ t know which questions to ask , the policies put in place are going to fail ,” Lause says .
Lause has a comprehensive cybersecurity process for his clients that includes weekly microtraining and a dashboard that consistently updates their security score , which is much like your credit score , but for the entire organization . Companies that are compliant are not only more protected from hackers but they are also likely to get a break on their cybersecurity insurance rates . “ If companies can prove they ’ re doing the training and keeping their BYOD policy up to standards , then they get significantly reduced rates on their premiums ,” Lause says .
“ IF YOU ’ VE TAKEN REASONABLE CARE TO ENSURE THAT YOUR CLIENT ’ S TECHNOLOGY AND BYOD POLICY IS CURRENT , THE CHANCES OF THEIR GETTING HACKED ARE GREATLY MINIMIZED .”
As the number of small businesses getting breached continues to go up , Lause advises MSPs and managed security service providers ( MSSPs ) to offer BYOD policies and urge their clients to put one in place immediately .
“ It ’ s no longer an option as to whether or not you should put a BYOD plan in place ,” Lause says . “ Hackers love to target small businesses because too often , small businesses don ’ t invest in current technology , don ’ t enforce making sure machines are patched and up-to-date , and don ’ t have policies in place . The stiff fines , data privacy rules — which can require additional costs , such as providing credit-monitoring services to all your customers if you get breached — and the recovery costs can put people out of business . But this can all be mitigated in a cost-effective solution if companies work with a knowledgeable MSSP . And when you compare the cost of recovering from a security breach to the cost of maintaining a high-level secure environment , there is no comparison . The cost is minimal for investing in current technology versus lost business reputation , fines , and recovery , which most small businesses find difficult to do and is why 60 % of them are out of business within six months or less after a breach .”
In the end , it ’ s important to remind your clients that your BYOD plan is not a “ set it and forget it ” policy . Review it with them regularly and stay current with the new dangers popping up every single day . “ If you ’ re not talking to your clients about security and their BYOD policy on a quarterly basis to review their exposures and new threats , your clients are likely behind the times and vulnerable to much larger risks ,” Lause says . “ The most successful BYOD policies are adaptable and fluctuate with our times and technological capabilities . Remind your clients that it is never a bad idea to consult you , and that regardless , they should always exercise due diligence and use common sense . If you ’ ve taken reasonable care to ensure that your client ’ s technology and BYOD policy is current , the chances of their getting hacked are greatly minimized .”
For more information on Argentum IT , visit ArgentumIT . com .
MSPSUCCESS . COM | 19