New government guidance on BYOD (Bring Your Own Device) risks
The trend towards remote working has seen an increase in the practice of employees using their personally-owned electronic devices (such as mobile phones and tablets) to access information and software. In response to this the government has issued new guidance on the issues and risks associated with the Bring Your Own Device approach.The guidance, produced by the Centre for the Protection of National Infrastructure sets out best practice for ensuring device security and designing network architecture so as to prevent devices from accessing particularly sensitive data.
It also covers a multitude of considerations for managers deciding if a BOYD approach is appropriate for their organisation, including: Limiting the information shared by devices, especially as cloud storage is common; understanding the legal issues, as the responsibility for data protection lies with the data controller and not the device owner; anticipating increased IT device support, as employees are likely to use different types and makes of device; creating an effective BYOD policy and communicating it to staff through training; considering the use of technical controls which may allow for remote management of devices but which may impact on their usability; planning for security incidents, such as when personal devices are lost or stolen; and, considering whether alternative ownership models, such as approved devices purchased and controlled through the organisation, may be more appealing to users than restricted devices.
The guidance can be found at https://www.gov.uk/government/collections/bring-your-own-device-guidance.