Q: BYOD has become a requirement for many of my customers. With the growth of cyberattacks, we need to implement an official BYOD policy that is flexible yet protects our customers. We are finding this to be a hard balance to achieve. What should be considered when creating the official BYOD policy?
While BYOD is not a new concept, the sudden shift to remote work has accelerated its usage in the past year. According to Microsoft, two out of three employees use their personal devices at work, even before the pandemic. Businesses had easily accommodated BYOD, as most were used inside the safety of secured networks. With much of the workforce still working remotely, a trend that will likely remain in place long past the pandemic, the security risks of BYOD become much higher.
For one thing, remote BYOD are often connected to unsecured WI-FI which are likely shared between family members who are not security conscious. Secondly, BYOD devices may not be up-to-date with security patches. Furthermore, if the BYOD were infected with malicious actors and it connects to the business network, the malicious actors can springboard to corrupt the entire network.
To ensure your customers are protected from the growing popularity of BYOD, you need to develop a BYOD policy that covers the security of your customers’ data, device, and employees, while providing the flexibility your customers crave. Here are three areas you should consider:
Security awareness training
Knowledge is the first line of defense and it’s especially important for remote workers, as they are not surrounded by their colleagues to ask questions or verify if an email is legitimate. Furthermore, cybercriminals are becoming more sophisticated with their attack methods. Business compromise emails and other sophisticated attacks are bypassing traditional email gateway security and landing in employee’s mailbox. Ensure your customers’ users are educated to not fall victim to these types of attacks.
BYOD must adhere to baseline security
Over the past year, many MSPs had offered support for BYODs that were not part of their service contract to help accommodate the sudden change, assuming that the remote workforce is a short-term change. With remote work becoming the new norm, those who are using BYOD should be mandated to adhere to certain security standards. If possible, some form of layered security such as antivirus, web security, security maintenance, and two-factor or multi-factor authentication, are required to reduce the risks of BYOD.
Data access control
Data is the lifeblood of your customers’ business. You know the importance of protecting it, but data has proliferated throughout your customers’ organizations. It is distributed across their infrastructure—in the cloud, SaaS applications, or on-premises. To safeguard data, it is important to know who has access to the data or applications, and if it is the right person that is accessing the data each and every time the data is being accessed. This control is necessary to protect data from today’s increasingly sophisticated cyberattacks.
Once you have your BYOD policy completed, make sure you can offer the services required to comply with the policy so your customers can easily adopt the new services for BYOD users. There are many solutions in the market but not all of them are created with MSPs’ needs in mind.
Barracuda MSP, the MSP-dedicated business unit of Barracuda Networks, offers easy-to-deploy, use, and manage solutions that has supported MSP’s growth. They offer services such as Managed PhishLine, a partner service that provides end-user email security awareness training on MSPs behalf, saving MSPs time and effort, and Barracuda CloudGen Access, a lightweight, SaaS solution that provides data access control and user identity control, with built-in security including Single-Sign On control for BYOD. It supports a broad range of operating systems such as Microsoft Windows, macOS, Linux, iOS, and Android, making it easy for MSPs to support any type of BYOD for customers.
Photo: everything possible / Shutterstock