Even as more employees start bringing personal smartphones and tablets to work, most small businesses aren’t taking steps to ensure BYOD security.
One of the most important BYOD security steps experts recommend: Before users bring personal devices to work, IT should create a policy laying out what security precautions devices need before they get access to the company’s network or its data.
For example, the organization might decide that smartphones and tablets must be encrypted and password protected, with remote wipe capabilities enabled.
IT should inspect devices before they’re given access, and might consider using mobile device management (MDM) software or other tools to enforce those configurations.
However, most small businesses are letting employees use personal devices without enforcing any security settings, according to a recent survey from device management vendor Soluto. And that means users are carrying sensitive data on their devices with little or no protection.
Many don’t use passcodes
Among small business employees who use personal iPhones for work, the majority (61%) said their company’s IT department doesn’t enforce any security configurations. In fact, 37% of respondents don’t even have a passcode on their device, let alone any of the more advanced security measures.
The bottom line: Many organizations are allowing employees to put data at risk by carrying it on unsecured smartphones and tablets.
In many cases, that’s probably because the company hasn’t adopted a formal BYOD policy, and IT may not even be aware of what devices are being brought into the office.
For those organizations, experts recommend creating rules and blocking devices from connecting to the network before they’re approved.
In addition to requiring a strong password, many companies require other security features and configurations such as:
- Remote wipe
- Data encryption
- Automatic wipe after several failed log-in attempts
- Bluetooth discoverable mode disabled, and
- Mobile antivirus applications.