How to create a mobile BYOD policy for covid-19 remote workers

The Covid-19 pandemic has pushed organisations to suddenly allow working from home by employees who had not previously worked remotely and who were not equipped with corporate devices or access technologies. 

The speed of the shift to large scale remote work has resulted in the use of personal devices including mobile phones, laptops, tablets, desktops, USBs and printers. Some employees are also using personal WiFi internet connections to access the corporate network. 

To mitigate the risk of this BYOD shift, it is critical that organisations provide employees with a BYOD Policy that sets clear expectations for behaviour.

Organisations can follow a few key steps to create or expand a BYOD policy to enable secure and productive remote work on mobile devices during the pandemic.

1. Why is a Covid-19 BYOD policy essential ?

Organisations that don't already have a BYOD policy in place must create one if they have employees working remotely on personal devices. Managers and executives can't simply tell employees that everything is fine and they can use any mobile device for work purposes. There must be a policy in place that promotes the interests of the company; and protects the safety and productivity of individual employees.

Furthermore without one, a company could be

• failing in its legal responsibility to apply due diligence to workplace practice (even when the workplace is at home)

• risking the loss of commercially sensitive information or intellectual property 

• risking commercial loss if systems are compromised or cyber criminals install malware or ransomware

• risking reputational loss 

2. What does a Covid-19 BYOD policy need to include?

A BYOD policy needs to regulate in favour of behaviours that protect the safety of the employee and the company; including the safe-guarding of identity, reputation, and data; and providing cost control.

More specifically a BYOD policy will include:

• which employees are permitted to use personal devices for corporate business and to access the corporate network

• any restriction on the range of personal devices that may be used for corporate business

• the applications or collaboration tools that are available to employees to utilise on their personal devices

• any corporate network access restrictions
   
• how devices will be secured

• how data will be secured

• the employer’s rights in respect of access to data and information contained on personal devices

• the responsibility for technical support in respect of devices or network access

• how the various risks associated with the use of personal devices are shared and are mitigated

3. How to implement BYOD security measures

IT leaders can't simply assume that employees will implement security measures on their own. Nor should employees be expected to, or be relied upon to do so.

Asking users to implement security measures will put the organisation at a major risk for security breaches and malware attacks.

Two of the most powerful tools organisations can deploy in this remote working environment are Unified Endpoint Management, UEM - also historically referred to as EMM or MDM; and Mobile Threat Defence MTD.

UEM manages an enterprises’ mobile devices, applications and content. MTD detects and responds to threats at the device and network layers.

Unified Endpoint Management is baseline

No BYOD mobile device should connect to corporate systems without UEM control

For employees using personal devices, IT leaders should enforce all BYOD policies with a unified endpoint management (UEM) platform that can manage connectivity and security-related endpoint risks.

With UEM, organisations can:

• enforce security policies like multi-factor authentication and password protection

• push security patches and software updates

• manage access to the corporate network blocking devices which are not compliant with security policy

• block specific applications or websites from being downloaded on the device

• lock or wipe a compromised device

• set-up containerisation to separate corporate and personal workspaces and data

• remote management of devices

Should the organisation decide to replace personal devices with corporate-owned devices, UEM also provides benefits in zero-touch deployment of devices to end users. 

Mobile Threat Defence complements UEM

As users move outside the perimeter the endpoint becomes the top vector of attack.

A MTD product complements a UEM environment. Leading vendors, VMware and Intune, integrate with the leading MTD vendors, like Wandera, to provide additional security and cost control features in three main areas.

• Zero-Trust Private Network Access 
  Moving beyond the device to enforce security at the application and network layers, and offers more granulated network protection by applying a zero-trust access policy. This is particularly important in the Covid remote working era as it provides users with the flexibility to work any time, anywhere with secure remote access – for unmanaged and BYOD devices.
  • next-gen encryption and networking protocols
  • identity-based micro-tunnels secure your corporate apps
  • protect sensitive data with adaptive access such as device risk posture and location
  • integrate IdP and UEM for enhanced management, or SIEM and SOAR for greater visibility
  • zero latency issues by eliminating unnecessary traffic backhauling
  • silent device authentication or seamless access via SSO
  • avoids requirement to re-authenticate every time
  • configure least-privilege access for applications individually with granular controls
  • review security with real-time event visibility and easily audit logs

• Threat Detection and Defence 
  Protect against all cyber threats, from device vulnerabilities to phishing to malicious or risky apps, with multi-level cloud and endpoint security. Manage risks with zero-day advanced threat intelligence.
  • monitor endpoints for vulnerabilities, from escalated privileges to outdated OS's.
  • perform continuous app risk assessments for advanced detection of malware and risky applications.
  • detect man-in-the-middle attacks and open a fail-safe VPN tunnel to ensure business continuity.
  • protect against known and zero-day phishing threats.
  • stop malicious downloads and connections to third-party app stores. Prevent data ex-filtration and command-and-control attacks.
  • monitor for data leaks and prevent sensitive data loss. Safeguard user privacy with added encryption

• Data Compliance Policy
  Some leading MTD vendors, such as Wandera, also include a data compliance functionality in their product suite. It will
  • enforce acceptable online behavior with intelligent content filtering rules.
  • mitigate legal exposure from non-compliant or illicit use.
  • prevent sensitive corporate data from being exposed on personally enabled cloud apps.
  • block unsanctioned services via the browser and application.
  • provide visibility of data consumption with real-time analytics and detailed reporting.
  • prevent bill shock by capping and limiting non-business data usage.
  • reduce roaming charges with overseas data management controls  (not a problem in a Covid world sadly)

About MobileCorp

MobileCorp is an enterprise ICT solutions company with a mission to deliver our customers a communications technology edge. We provide Managed Mobility Services, Enterprise Mobility Management, Complex Data and IP Networks, and Unified Communication solutions. We have a proven track record providing managed services for Australian enterprise and business, and we are a Telstra Platinum Partner.