According to the Global Information Security Survey, 88% of organizations feel they’re losing control over their data, and with the rise of BYOD (Bring Your Own Device) it’s easy to see why!
In the worst case scenario, your employees may be walking around with confidential corporate data stored on a personal device that isn’t even secured with a PIN or a password. If one of these devices is ever misplaced, lost or stolen, then it could result in a third party gaining access to your company’s data.
If your employees access any company-owned data on their personal devices, then this represents a huge security risk to your business.
Since it’s practically impossible to ban BYOD, in this article we’ll be sharing the tips, techniques and software your business needs, to ensure its private corporate data remains private.
1. Remotely wipe confidential data from a lost or stolen device
Imagine one of your employee’s personal devices has gone missing, and you know that device contains confidential customer information. Potentially, a third party may be about to sell this data to your biggest competitor, or publish it online.
But a single misplaced smartphone or tablet doesn’t have to spell disaster for your company! If you’ve migrated to the cloud, then your Office 365 admin can use Mobile Device Management to remotely wipe all confidential data from the missing device:
- Head over to the Office 365 Security & Compliance center.
- In the left-hand menu, select “Data loss prevention > Device management > View the list of managed devices.”
- Select the device that you want to wipe, followed by “Manage.”
Your Office 365 admin can now choose whether to:
- Perform a factory set. This removes all data from the missing device, including all installed apps, photos and personal information.
- Remove company data only. Any installed apps, photos and personal information will remain on the employee’s missing mobile device.
2. Be proactive: Setup automatic Mobile Device Management policies
Depending on the size of your organization, and whether your employees span multiple offices, it may not always be possible for your Office 365 admin to immediately respond to every remote wipe request.
When confidential company information is lost in the wild and potentially in the hands of a competitor, it’s vital that you secure that information as quickly as possible.
Your Office 365 admins can create Mobile Device Management policies that automatically lock or wipe a device in response to suspicious activity, for example multiple failed sign in attempts.
To create an Office 365 Mobile Device Management policy:
- Sign into the Office 365 Security & Compliance center.
- In the left-hand menu, select “Data loss prevention > Policy.”
- Select “Create a policy.”
The Security & Compliance center will now guide you through the process of creating a Mobile Device Management policy.
3. Ask your employees to setup Find My Device
If an employee’s Windows device goes missing, then they can use the Find My Device feature to locate and lock that device remotely.
Although Office 365’s remote data wipe is the preferred way to secure confidential data, Find My Device can be activated by the device’s owner. In scenarios where your Office 365 admin is unavailable and they haven’t implemented any automatic Mobile Device Management policies, Find My Device may be the only way to secure a lost device. Find My Device can also be useful for determining whether a device is truly lost or stolen, or whether it’s merely been misplaced, without having to involve your Office 365 admin.
To activate Find My Device for a Windows PC, laptop, Surface, or Windows phone:
- On your device, navigate to “Start > Settings > Update & Security > Find my device.”
- Select “Change.”
You can then use this feature to locate a missing device:
- Sign into your Microsoft account.
- In the toolbar, select “Devices.”
- Open the “Find My Device” tab. Your device should now be displayed on a map.
- If you decide to remotely lock this device, then select “Lock > Next.”
4. Don’t rely on passwords: Setup mandatory Multi-Factor Authentication
According to a 2018 poll by LogMeIn, 59% of people use the same password for multiple accounts, with nearly 47% of respondents admitting that they use the same passwords for their personal and work accounts.
With such a high rate of password reuse, you can’t rely on passwords alone to keep your corporate data safe. In the worst case scenario, a single leaked password could grant a third party access to the employee’s personal device and all the password-protected corporate data stored on that device.
To help keep your data safe, it’s recommended that you enforce Multi-Factor Authentication (MFA) across your organization. MFA adds an extra layer of security, so even if a third party does manage to acquire an employee’s password they’ll be unable to access their device without passing an additional security check, for example answering a phone call or performing biometric authentication.
For organizations who run on Office 365, your admin can activate MFA and make it mandatory for all employees:
- Head over to the Microsoft 365 admin center.
- In the search bar, type “multi” and then choose “Azure multi-factor authentication settings.”
- Select “Manage multi-factor authentication.”
- Select all the employee accounts where you want to enable MFA.
- Towards the right side of the screen, select “Enable.”
- In the subsequent popup, select “Enable Multi-Factor Authentication.”
- Select all the accounts where you want to make MFA mandatory.
- Select the “Enforce” link that appears.
- When prompted, select “Enforce Multi-Factor auth.”
All of these accounts will now be required to setup multi-factor authentication.
5. Ensure your employees are cyber security-savvy
One of the major reasons why BYOD poses such a huge threat, is the fact that employees typically aren’t aware of the dangers. Checking business emails on your personal smartphone outside of regular working hours is often seen as the sign of a dedicated employee, rather than a security risk.
The most effective way to protect your business against data breaches and leaks, is to arrange some staff training. Only when an employee fully appreciates the dark side of BYOD, can they take the steps necessary to secure their personal device – and by extension, all the corporate data stored on that device.
At Systems Assurance, we have decades of experience offering a wide range of security-focused staff training. We can even arrange immersive training exercises that give your employees hands-on experience identifying and avoiding the cyberattacks that are increasingly targeting mobile users.
Want to talk through your businesses’ unique security training needs? You can schedule a free one-on-one call with one of our specialist engineers today.
6. Create a company BYOD policy
Just because an employee has successfully completed security training, doesn’t automatically mean they won’t be tempted to take a shortcut or bend the rules, especially when they’re under pressure in the workplace, for example if they’re struggling to meet a deadline.
After training your staff, it’s recommended that you implement a company BYOD policy that clearly outlines the steps these employees are expected to take, in order to safeguard corporate data. This policy should communicate that it’s every employee’s responsibility to ensure company data is never accessed or stored on an unsecured personal device.
To encourage your employees to take this policy seriously, you could even ask them to physically sign the policy. Requesting a signature can make the difference between an employee viewing a policy as a formal contract, or treating it like just another Terms and Conditions-style popup that they click through without even really reading properly.
Claim Your One Month FREE Trial of Microsoft 365 E5 Today.
Speak to a member of our team today 0114 292 2911 or email email@example.com if you need any assistance.
Share this article on social media
If you found this article useful, please share it on social media.
Subscribe to our blog…
We will only use your email to send you new blog posts.