[BreachExchange] Cybersecurity, A-Z: B is for BYOD

Audrey McNeil audrey at riskbasedsecurity.com
Mon Mar 13 19:22:19 EDT 2017


http://www.jdsupra.com/legalnews/cybersecurity-a-z-b-is-for-byod-89303/

BYOD, or “Bring Your Own Device,” is an umbrella term for policies that
employers have concerning your smart phone, tablet, or laptop.
Essentially, the questions that BYOD policies seek to answer are these:
(1) Who owns your device? (2) Who owns the information on your device?
(3) What happens if that information (or the device itself) gets lost or
stolen? and (4) What happens to the device and information after you leave
the employer?

Policies vary from organization to organization, but the trend has been and
continues to be away from employer-provided devices and toward BYOD — that
is, toward allowing and encouraging employees to purchase and own their
devices.  Employers might choose to subsidize the device purchase,
especially when use of a device is critical to performance of employee job
functions.

While employee-purchased devices, subsidized or not, can clarify the
question of device ownership, they do not clarify the question of
information ownership.  Can you use your device to play Pokemon Go?  Can
you post political messages on Facebook?  More importantly, what happens if
your device, with work-sensitive email and access to company information,
is lost or stolen?

The key issue for employers is to create a robust and clear set of
policies that employees understand before they purchase a device.  BYOD
policies should include the following best practices:

- Create a clear division between private, personal information and company
  information.  Companies should not have access to personal employee
  information (photos, text, and personal email, for example), and any
  access to information on a device should be limited to company
  information (such as company email).
- Set up a clear protocol for the loss or theft of a device.
- Create robust password and encryption requirements.
- Determine what devices will be supported, and make that clear to
  employees before they purchase devices.
- Make requirements universal for all employees.

Good BYOD policies will protect sensitive and confidential company data
while allowing employees the flexibility and convenience of enjoying and
using their devices.