University of Valencia logo Logo del portal

  • Estudiant treballant amb un ordinador

If you are using work information, don’t use non-corporate computers or devices.

  • September 13rd, 2018

Do you use your laptop, smartphone or tablet regularly for your personal and professional tasks? Do you know the safety precautions you should take when using these devices in the company? Have you heard about BYOD?

With BYOD (Bring Your Own Device) the company "consents" that employees use and connect their personal devices (laptops, smartphones, tablets) to corporate networks from home, the office itself or any other place, allowing the "mixed" use of these devices with those of corporate use.

As you can imagine, this approach has many advantages for the company and for the employee, including: comfort, flexibility and cost savings.

But, both the corporate use of these devices, making use of the company's resources, and the personal use that the user can make, can pose important risks for the security of the company's information.

To manage the risks, internal policies must be established that establish specific security configurations and adapt to the corporate security measures existing in the company. It is not enough that the device is personalized and secured according to the user's personal preferences, but it must meet a series of requirements that make its use compatible with the company's security policies.

Five tips to minimize safety risks in BYOD

A good part of the risks involved in BYOD lies in the user's use of the devices. Serious security problems are easily solved easily solved with simple actions, such as the establishment of access passwords, periodic updates, etc. To this we must add the risk that exists for the ease of loss or theft of these devices.

With these five tips that are exposed below, we can, on the one hand, minimize the risks derived from the use of BYOD devices when integrating them within the organization to work with them and, on the other hand, obtain the best possible performance from them:

  • Automatic screen lock. Set up. To update. Applications just. Block with passwords. Do not leave equipment unattended. Measures to protect corporate and personal data Involve users in the protection of their own devices. We must encourage, educate and educate the user to take measures to protect corporate and personal data. Some of these measures could be:
    • Configure correctly the security parameters of the device.
    • Update the operating system and all applications of the devices frequently.
    • Be very restrictive when allowing permissions for third-party applications installed on the device. These applications have a risk and that can include malware that is installed on the device, which makes the device vulnerable, including the network to which it connects.
    • Be aware of the importance of always blocking your computer with a password if you leave it unattended, even for a few minutes.
    • Never leave the equipment unattended when traveling on public transport and activate the screensaver if we do not need to look at the screen for a while.
    • Activate the automatic screen lock after a short period of inactivity. Unlocking must be done with a password or unlock pattern.
    • Maintain a database of users and devices. It is convenient to maintain a database with the list of devices that access the resources of the company, the users who manage them and the security privileges that allow us to authenticate and authorize these users and devices.
       
  • Take precautions with the storage of work data. We must be especially careful with the tools we use for the storage of corporate data, especially when it comes to using file sharing applications in the cloud. The public applications installed by users are not as secure as the corporate ones to protect the sensitive data of our company. When it comes to working with the company's data, it is safer to have these stored in the cloud and consult them, than to perform a real file exchange.
     
  • Implement measures for secure access to information. From the company, additional security mechanisms must be implemented in the devices, such as the encryption of information and the correct authentication of users. You can opt for password authentication systems, using password management applications, which facilitates the use of strong passwords customized for each application, or mixed systems of password use and biometric media such as fingerprints.
     
  • Modify the company's security policies. Security policies must be updated to include the use of BYOD, reinforcing the section referring to the corporate data protection policy. We must also make users aware of the importance and necessity of the application of this data protection policy. Involve users. Maintain a database of devices.


Corporate applications for cloud storage. Access control and encryption. Security policies that include BYOD.Tips to minimize security risks in BYODConclusionWe must be clear that the fact that employees' personal devices can access and manage confidential and sensitive information for companies must make us take special precautions when it comes to working with they. Both the devices themselves and the information handled must be properly protected, establishing good security policies.

We must be especially careful with the mixed corporate-personal use of these devices, since it is an added risk that we must control. For this it is essential to involve and educate the user of these devices in their correct use.

Without your help, the rest of the security measures will not be totally effective. We encourage you to follow these five security tips and verify that BYOD provides great advantages, provided that the devices are properly protected. 

 
This website uses proprietary and third-party cookies for technical purposes, traffic analysis and to facilitate insertion of content in social networks on user request. If you continue to browse, we consider that you are accepting its use. For more information please consult ourcookies policy