In this blog, we’ve covered many of the ins and outs of BYOD (bring your own device), including the pros and cons. In reality, much of the discussion is no longer about whether employees should be allowed to connect to company networks with their own devices, BYOD is simply becoming the standard way of operating.

A study published in 2016 suggested that 59% of businesses allow BYOD, and things have certainly moved along in the intervening years. The only remaining point of discussion is BYOD cybersecurity. In this post, we give you eight top tips to help ensure BYOD does not pose a threat to your business.

Two-factor authentication

A second authentication layer provides a significant boost to IT security, as it prevents malicious actors obtaining access by merely possessing stolen login details. Credentials are compromised with frightening frequency. Adding a second authentication step can often thwart an intrusion attempt.

Your employees should be encouraged to activate two-factor authentication (2FA) on all their personal accounts, as doing so helps prevent intrusions which could compromise their personal devices. Needless to say, you should ensure your corporate security policies are set to force 2FA for access to enterprise services.

Educate employees

Educating your employees in good security practices, such as the use of complex and unique passwords, can boost security on many layers, including on their own devices. Also, communicate tips specific to mobile devices, including setting short screen time-out intervals and using a unique PIN number.

Create security-savvy users through education which increases general awareness. Teach employees how to spot phishing and scamming attempts, which are very easy to miss on mobile devices, and instruct users to avoid dubious free apps

Mobile Device Management (MDM)

MDM software is widespread, it is part and parcel of Office 365, for example. Admins should enforce MDM on all devices connecting to company networks. Doing so enables a number of features, including the remote wiping of company data that can be triggered as soon as a missing device goes online.

MDM also offers inventory tools and layered access policies. You can control exactly what a device can access and could even reach a compromise with employees, such as allowing BYOD, but restricting certain aspects of device usage (e.g. app installation) via MDM.

Enforce a loss or theft policy

Your employees should be under obligation to report the loss or theft of any mobile devices with immediate effect. Doing so allows admins to remotely wipe the device as soon as possible, reducing the opportunity for data theft.

Admins can then add the associated corporate accounts to a watch list, monitoring for unusual access patterns such as repeated failed login attempts, or successful logins that are outside the expected geographical area.

Encourage VPN use

Your corporate application will already be encrypted, but it is still worth ensuring that employees avoid accessing company applications across unsecured WiFi networks. This can be hard to enforce, but providing a VPN alternative, and encouraging its use, will provide an extra layer of protection.

Most iOS and Android devices support swift and easy VPN connections, and your employees can easily tap into a secure VPN while using public WiFi. Install the VPN facility on devices and explain to users how simple it is to activate a VPN when connecting to public WiFi – and how it will protect their personal data too.

Ban jailbroken or rooted devices

Mobile operating systems offer strong, if not always adequate, protection against malware, but these protections break down if devices are jailbroken or rooted. Yes, users are able to customise their devices to a higher degree if they remove these protections, but the security hazards are substantial. Don’t let jailbroken devices connect to your enterprise systems.

Log and keep track of devices

A database of employee devices can help you compare access and usage patterns against the devices that should have access to your networks. Office 365, for example, provides detailed logs highlighting the devices used to access an account, thanks to Azure Active Directory.

See any devices in access logs that have not been reported for use? That’s a sure sign of a security breach. Investigating any such incident with the staff member involved could expose a breach before it is too late.

Enforce OS and firmware updates

Finally, we all know that users get annoyed when their devices prompt for an update. Installing an update can take a device out of action for a period of time and can sometimes break existing features. For this reason, many users postpone updates.

However, firmware and operating systems protect against the latest security threats. As part of your BYOD policy, you should ensure that employees always have the latest software installed on their devices. Banning devices beyond a certain age is also an option.