Navigating BYOD in Australia: Thoughts on Safeguarding Your Personal Devices
Whether you’re new to the Bring Your Own Device (BYOD) landscape or a seasoned veteran, maintaining security remains paramount. Your personal device is not just a convenience—it’s an asset that can be exploited if not properly managed. Below, you’ll find a guide with technical details and industry best practices to help you maximise security in a BYOD environment.
1. Password Protection: Your Frontline Defence
Let’s begin with the rudiments: password-protect your device. It’s the initial layer of security against unauthorised access. If you haven’t done this yet, halt your reading and configure this essential security feature. Both Android and iOS offer various options from PINs, passwords, to biometric authentication.
Technical Insight: Leverage multi-factor authentication (MFA) to enhance security. The ACSC’s guide on implementing MFA offers a detailed view on why this is critical.
2. Strong Passwords: The Art and Science
It’s not enough to have a password; it has to be robust and complex. Follow your organisation’s guidelines on creating strong passwords. If your guidelines are somewhat lax, the general rule is to incorporate a mix of upper-case letters, lower-case letters, numbers, and special characters.
Technical Insight: Consider using a password manager to store and generate complex passwords. Many enterprise-level solutions like LastPass Enterprise or 1Password Business integrate seamlessly with corporate networks and offer robust security measures.
3. Personal Back-ups: The Safety Net
BYOD policies often include clauses permitting remote wiping of your device. Therefore, regular backups are not just an option; they are a necessity. This ensures you don’t lose irreplaceable photos, emails, or other personal files.
Technical Insight: Both Apple’s iCloud and Google Drive offer secure cloud-based solutions for backups. However, you might also consider local backups through dedicated software, as described in this ACSC guide on data backups.
4. Navigating Auto Storage and File Synchronisation
Automatic file synchronisation services like Dropbox can run surreptitiously in the background. While these services are convenient, they can inadvertently upload sensitive company data if not properly configured.
Technical Insight: Utilise policy-based or folder-based synchronisation features in these apps to segregate personal and work data. Moreover, some advanced solutions like Azure Information Protection can classify and segregate data automatically based on corporate policies.
5. In the Event of Misplaced Devices: Immediate Steps
If your device goes missing, contact your IT department without delay to initiate remote wiping or locking procedures.
Technical Insight: Deploy mobile device management (MDM) solutions like Microsoft Intune or VMware Workspace ONE that offer features for remote wiping, geo-location, and more.
Wrapping Up
Securing a personal device used for work is a multi-faceted process that goes beyond mere password protection. It requires a layered security strategy incorporating robust authentication methods, data backups, and rigorous control over data synchronisation services. With these strategies in place, you not only protect your personal data but also contribute to safeguarding your organisation’s valuable assets.
For more exhaustive technical details, always refer to ACSC guidelines or consult with your organisation’s cybersecurity specialists.
