Does your organization allow employees to bring in their own devices? Arguments surrounding BYOD have been around for a while. As with anything, there are business pros and cons as well as security pros and cons. The newest claim is that mobile devices such as Android phones and the iPhone will bring about the next “big” breach. If you do not have the right policies in place, as well as a Mobile Device Management (MDM) tool, you are opening yourself up to a lot of risk. There needs to be a baseline for device management. Get a sample security policy for handheld devices here.
- Ask users to opt in to basic enterprise policies, and be prepared to revoke access controls in the event of changes. Users that are not able to bring their devices into basic compliance must be denied (or given extremely limited) access.
- Require that device passcodes meet length and complexity standards, along with strict retry and timeout standards.
- Specify minimum and maximum versions of platforms and operating systems. Disallow models that cannot be updated or supported.
- Enforce a “no jailbreaking/no rooting” rule, and restrict the use of unapproved third-party app stores. Devices in violation should be disconnected from sources of business data, and potentially wiped, depending on policy choices.
- Require signed apps and certificates for access to business email, virtual private networks, Wi-Fi and shielded apps.
“Instead of business vs. security, allow security to enable business”