BYOD Guidance From The National Cyber Security Centre (NCSC)
Dan Hughes

June 8, 2023

The National Cyber Security Centre (NCSC) provides guidance on how to manage BYOD effectively. This guidance includes information on how to create a BYOD policy, educate employees about BYOD security risks, and use mobile device management (MDM) software to secure personal devices that are used for work.

The NCSC also provides information on the security risks associated with BYOD. These risks include malware, data loss, and unauthorized access to corporate networks. The NCSC recommends that organizations take steps to mitigate these risks, such as implementing strong security measures on all personal devices that are used for work.

By following the guidance provided by the NCSC, organizations can help to ensure that BYOD is a safe and secure way for their employees to access work-related information and applications.

The NCSC's guidance on BYOD can be found here: https://www.ncsc.gov.uk/collection/device-security-guidance/bring-your-own-device

Here are some additional tips for managing BYOD effectively:

  - Create a BYOD policy that outlines the acceptable use of personal devices for work-related purposes. The policy should include information on the security risks associated with BYOD and how employees can protect themselves and the organization.

  - Educate employees about BYOD security risks and how to protect themselves and the organization. Employees should be aware of the risks of malware, data loss, and unauthorized access to corporate networks. They should also be aware of the security measures that they can take to protect their devices and data.

  - Use mobile device management (MDM) software to manage and secure personal devices that are used for work. MDM software can be used to enforce security policies, track device usage, and remotely wipe devices if they are lost or stolen.

  - Implement strong security measures, such as encryption and password protection, on all personal devices that are used for work. Strong security measures can help to protect devices and data from malware, data loss, and unauthorized access.

By following these tips, organizations can help to ensure that BYOD is a safe and secure way for their employees to access work-related information and applications.

Advice from the experts

The NCSC website (https://www.ncsc.gov.uk/collection/device-security-guidance/bring-your-own-device) outlines five actions you can take to manage BYOD in your business effectively.

Below is an overview of each of the actions:

  1. Determine your objectives, user needs, and risks. What do you hope to achieve by allowing employees to use their own devices for work? What devices do your employees use? What types of work do they do? What are their security concerns? Once you have a good understanding of your needs and risks, you can start to develop a plan to manage BYOD.
  2. Develop a BYOD policy. Your BYOD policy should outline the acceptable use of personal devices for work-related purposes. It should also include information on the security risks associated with BYOD and how employees can protect themselves and the organization. The policy should be clear, concise, and easy to understand. It should also be enforceable. Employees should be aware of the consequences of violating the policy.
  3. Understand additional costs and implications. Implementing a BYOD policy can have a number of costs and implications. These costs can include the purchase of mobile device management (MDM) software, the cost of training employees on security best practices, and the cost of lost or stolen devices. You should also consider the implications of BYOD for your organization's security posture. BYOD can increase the risk of malware, data loss, and unauthorized access to corporate networks. You should take steps to mitigate these risks, such as implementing strong security measures on all personal devices that are used for work.
  4. Choose a deployment approach. There are a number of different ways to deploy a BYOD program. You can choose to allow all employees to use their own devices, or you can restrict BYOD to certain groups of employees. You can also choose to allow employees to use their own devices for all work-related purposes, or you can restrict BYOD to certain types of work. The best deployment approach for your organization will depend on your specific needs and objectives. You should consider the factors that are most important to you, such as security, cost, and employee satisfaction.
  5. Put technical controls in place. In addition to a BYOD policy, you should also put technical controls in place to protect your organization's data. These controls can include mobile device management (MDM) software, strong passwords, and data encryption. MDM software can be used to manage and secure personal devices that are used for work. MDM software can be used to enforce security policies, track device usage, and remotely wipe devices if they are lost or stolen. Strong passwords should be used on all personal devices that are used for work. Strong passwords should be at least 12 characters long and should include a mix of upper and lowercase letters, numbers, and symbols. Data encryption can be used to protect data from unauthorized access. Data encryption scrambles data so that it cannot be read without a key. By implementing technical controls, you can help to protect your organization's data from unauthorized access.

By following these five actions, you can help to ensure that your BYOD program is successful and that your organization's data is protected.

To learn more about implementing a BYOD strategy in your business, read our comprehensive BYOD guide here