(1) To start off with, appoint a BYOD project leader who has the authority to enforce the policies, procedures, and training required to implement BYOD securely.
(2) Create a clear and concise BYOD policy for both IT and the end-users in your organization. Next, create computer-based end-user mobile security training that lays out these security policies, and step all users through it. That creates a higher level of understanding and compliance; having someone read and sign a paper document is a recipe for security breaches.
(3) Enforce a strong password policy, which has already been covered in the end-user training of step 2. For confidential data, implement two-factor authentication. To prevent password fatigue, deploy single sign-on (SSO) or use a password manager like LastPass, which offers the end-user similar functionality. Ideally you implement a so-called 'Federated ID', which allows users to log in to all systems and applications they are authorized for with the same username and password.
(4) Deploy secure remote access using a VPN that runs on SSL. Now that you have an authenticated user, you need a secure connection. With a VPN, employees can connect to the office without worrying that their data stream will be intercepted and broken into by attackers. A VPN does not provide 100% security, but it makes the connection a much harder target to crack.
(5) Onboarding and termination need to be managed tightly. When an employee is hired, they need to be stepped through the security awareness training and the mobile security training as part of the onboarding process. When an employee leaves, their network access should be terminated at that very same time. You need management software that controls devices from the organization's side, so that access can be revoked within seconds.
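Step 5 is the one that is most often checked by hand, so here is an added example (not part of the original article, and not tied to any specific product) of a reconciliation check a defender can run: it compares a constructed HR feed against a constructed directory/VPN extract and flags accounts whose access outlived the employment, with a short grace window so that an automated de-provisioning job is not reported as a gap. The record layout, the field names, the five-minute grace window, and the sample users are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple


@dataclass
class HrRecord:
    """One row of the HR system's employee feed (assumed layout)."""
    user_id: str
    status: str                       # "active" or "terminated"
    terminated_at: Optional[datetime] = None


@dataclass
class DirectoryAccount:
    """One account as exported from the directory / SSO and VPN groups (assumed layout)."""
    user_id: str
    enabled: bool                     # can still authenticate via SSO / federated ID
    vpn_allowed: bool                 # still a member of the remote-access group
    last_login: Optional[datetime] = None


def find_offboarding_gaps(hr_records: List[HrRecord],
                          accounts: List[DirectoryAccount],
                          now: datetime,
                          grace: timedelta = timedelta(minutes=5)) -> List[Tuple[str, str]]:
    """Return (user_id, issue) pairs where access was not removed at termination.

    - A terminated user whose account is still enabled after the grace window.
    - A terminated user who still holds VPN (remote access) group membership.
    - A terminated user with a login recorded after the termination time.
    - A directory account with no HR record at all (orphan account).
    """
    hr = {r.user_id: r for r in hr_records}
    findings: List[Tuple[str, str]] = []
    for acct in accounts:
        rec = hr.get(acct.user_id)
        if rec is None:
            findings.append((acct.user_id, "no HR record (orphan account)"))
            continue
        if rec.status != "terminated" or rec.terminated_at is None:
            continue
        if acct.enabled and now > rec.terminated_at + grace:
            findings.append((acct.user_id, "account still enabled after termination"))
        if acct.vpn_allowed:
            findings.append((acct.user_id, "VPN access still granted"))
        if acct.last_login is not None and acct.last_login > rec.terminated_at:
            findings.append((acct.user_id, "login observed after termination"))
    return findings


def run_sample() -> List[Tuple[str, str]]:
    """Run the check over constructed sample data (not real users)."""
    t = lambda h, m: datetime(2024, 3, 1, h, m, tzinfo=timezone.utc)
    now = t(12, 0)
    hr_feed = [
        HrRecord("alice", "active"),
        HrRecord("bob", "terminated", terminated_at=t(9, 0)),    # left three hours ago
        HrRecord("carol", "terminated", terminated_at=t(11, 58)),  # left two minutes ago
    ]
    directory = [
        DirectoryAccount("alice", enabled=True, vpn_allowed=True, last_login=t(11, 30)),
        DirectoryAccount("bob", enabled=True, vpn_allowed=True, last_login=t(10, 0)),
        DirectoryAccount("carol", enabled=True, vpn_allowed=False, last_login=t(8, 0)),
        DirectoryAccount("dave", enabled=True, vpn_allowed=False),  # nobody in HR knows dave
    ]
    return find_offboarding_gaps(hr_feed, directory, now)


if __name__ == "__main__":
    for user_id, issue in run_sample():
        print(f"{user_id}: {issue}")
```

Carol is still enabled two minutes after termination but falls inside the grace window, so she is not reported; Bob, whose account, VPN membership and even a post-termination login survived, is reported three times, and Dave shows up as an orphan account that no onboarding record explains. In practice the HR feed and the directory extract would be pulled from the management software mentioned in step 5 on a schedule, and any finding is an incident to act on, not a ticket to queue.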