Bring your own device (BYOD) refers to a policy of permitting employees to use personally owned devices (laptops, tablets, and smartphones) to access company information and applications. BYOD continues to grow in popularity among businesses as a way to give employees more mobile and work-from-anywhere productivity options or to reduce hardware expenditures. However, endpoint security can be a concern when it comes to BYOD. With an influx of personal devices in the workplace, the possibility of viruses, hacks, and data leaks is elevated. Every device that accesses company information represents an additional endpoint that hackers can attempt to breach.
There are several reasons to offer a BYOD policy:
- Increased worker satisfaction. Employees can use the devices they prefer and enjoy greater productivity because they are using familiar tools.
- Less IT burden. Having employees take care of their own devices' maintenance means less involvement and work from the information technology (IT) department.
- Saving money. Employees pay for their own devices and the maintenance that goes along with them.
- Increased employee engagement. Employees can get work done without having to physically be at the office. This gives them greater flexibility to manage their schedules and stay on top of their work.
In this post we’ll talk about the different ways Microsoft 365 can help you secure company data on personal devices.
What steps can you take to reduce the risks of BYOD?
Traditional mobile endpoint threat management solutions involve controlling all aspects of a mobile device, which many companies are reluctant to do for devices that their employees own. A better approach is a system that allows work-related applications to be securely managed while leaving personal apps and data alone.
Microsoft 365 Business Premium protects company data on your staff’s personal devices
Microsoft 365 Business Premium (formerly Microsoft 365 Business) supports Mobile Application Management via Intune, which helps you securely manage apps and data on iOS, Android and Windows devices.
You can control which apps are allowed to access company data. You can require users to access work data from the Office mobile apps and configure policies that keep the data protected (such as encrypting it, protecting it with a PIN, and so on).
You can also help prevent users from moving data to an unsecured app. You can set policies to prevent a user from copying text from their company email and pasting it into an unsecured place, such as their email or the Notes app on their phone. You can block a user from saving a spreadsheet of customer data to personal cloud storage (like Dropbox, for instance).
You can also delete company data from a device if it is lost or stolen, or if an employee leaves the company. And you can do this without impacting personal data on the device. For example, if an employee leaves your company, you can remotely delete all company data from their phone, but their photos, personal contacts, and texts will be untouched.
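The controls described above (app PIN, encryption, copy/paste and save restrictions) can be checked against an exported policy. The following is an added example, not code from this post or from Microsoft: it audits a policy dictionary whose field names follow the Microsoft Graph `iosManagedAppProtection` resource. The two sample policies are constructed, and the approved storage set is an assumption.

```python
# Added example: audit an iOS app protection (MAM) policy for data-leak gaps.
# Field names follow the Microsoft Graph iosManagedAppProtection resource.
# Missing fields are treated as the weakest setting (assumption for auditing).

# Assumption: the organization approves only these save locations.
SANCTIONED_STORAGE = {"oneDriveForBusiness", "sharePoint"}

def audit_app_protection(policy: dict) -> list[tuple[str, str]]:
    """Return (field, reason) pairs where company data could leave managed apps."""
    findings = []
    if not policy.get("pinRequired", False):
        findings.append(("pinRequired", "app PIN is not enforced"))
    if policy.get("appDataEncryptionType", "useDeviceSettings") == "useDeviceSettings":
        findings.append(("appDataEncryptionType", "encryption left to device defaults"))
    if policy.get("allowedOutboundClipboardSharingLevel", "allApps") == "allApps":
        findings.append(("allowedOutboundClipboardSharingLevel",
                         "work text can be pasted into any app"))
    if policy.get("allowedOutboundDataTransferDestinations", "allApps") == "allApps":
        findings.append(("allowedOutboundDataTransferDestinations",
                         "files can be opened in unmanaged apps"))
    if not policy.get("saveAsBlocked", False):
        findings.append(("saveAsBlocked", "Save As to arbitrary locations is allowed"))
    # With saveAsBlocked set, these locations remain allowed as exceptions.
    extra = set(policy.get("allowedDataStorageLocations", [])) - SANCTIONED_STORAGE
    if extra:
        findings.append(("allowedDataStorageLocations",
                         "unsanctioned save targets: " + ", ".join(sorted(extra))))
    return findings

# Constructed sample policies (not exported from a real tenant).
WEAK_POLICY = {
    "displayName": "BYOD default",
    "pinRequired": False,
    "appDataEncryptionType": "useDeviceSettings",
    "allowedOutboundClipboardSharingLevel": "allApps",
    "allowedOutboundDataTransferDestinations": "allApps",
    "saveAsBlocked": False,
    "allowedDataStorageLocations": ["oneDriveForBusiness", "box", "localStorage"],
}
HARDENED_POLICY = {
    "displayName": "BYOD hardened",
    "pinRequired": True,
    "appDataEncryptionType": "whenDeviceLocked",
    "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
    "allowedOutboundDataTransferDestinations": "managedApps",
    "saveAsBlocked": True,
    "allowedDataStorageLocations": ["oneDriveForBusiness", "sharePoint"],
}

if __name__ == "__main__":
    for p in (WEAK_POLICY, HARDENED_POLICY):
        print(p["displayName"], audit_app_protection(p))
```
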
Why should I use Microsoft 365 Business Premium to support my BYOD policy?
Microsoft Intune, the technology that powers the BYOD environments at many of the world’s largest companies, is the technology used by Microsoft 365 Business Premium to support your BYOD policy. Employees can use familiar Office mobile apps instead of the third-party apps required by other high-security solutions. These capabilities are included with your subscription, so there are no additional third-party solutions to buy, install, or manage.
While health care environments have traditionally been limited to desktop computers in the office, this has begun to change. More professionals in the medical industry are using mobile and personal devices to stay connected when out of the office.
BYOD presents an endpoint security challenge in the health care industry, as devices containing Protected Health Information (PHI) need to comply with HIPAA/HITRUST regulations.
Microsoft provides several endpoint security solutions relevant to this problem. Microsoft Azure and Office 365 are the first hyperscale cloud services to be certified for the HITRUST CSF, and Intune is capable of enforcing policies on BYOD devices that safeguard PHI through encryption, passcodes, and wiping lost or stolen devices.
Though BYOD in health care has unique challenges, leveraging a powerful MDM solution like Intune can bridge the gap between using personal devices and protecting PHI.
The financial industry has a vast number of regulations to follow, from FFIEC to GLBA and beyond. Between compliance tracking and maintaining security controls, adding personal devices containing PII on millions of people in and outside of the U.S. could be daunting. How can professionals in finance leverage the benefits of BYOD while ensuring that data is protected?
Through Microsoft Purview Compliance Manager, E5 customers can access comprehensive templates to assess, and help the organization comply with, a multitude of requirements governing the collection and use of data.
Controls within the Microsoft Intune MDM platform can then extend to prohibit information sharing outside sanctioned apps, encrypt device data storage, and wipe company data when an employee leaves.
Manufacturing companies may want to limit the apps available to end users on the shop floor by only allowing business apps. This is easily done on company tablets and mobile devices with kiosk mode, but what about personal devices?
Microsoft Intune provides a robust feature set for endpoint threat protection on BYOD devices, such as enforcing data controls within sanctioned apps, preventing data sharing with non-company apps, enforcing PIN codes, and allowing company data to be wiped on lost or stolen devices.
Legal organizations representing clients in highly regulated industries may soon be asked to detail how they protect PII. Without an endpoint security strategy, personal devices could expose or disclose protected client information. Microsoft Intune can regulate how mobile devices process and store data, which is a must for ensuring compliance in highly regulated arenas.
The energy sector is wide-ranging, covering many parts of critical infrastructure across multiple sub-sectors. Understanding the risks, controls, and procedures necessary to secure infrastructure is inherent to the energy sector and must be prioritized.
Zero trust is the best way to ensure that a BYOD implementation is compliant with certain regulations. Within the Microsoft Zero Trust Architecture, Intune is the control mechanism capable of securing mobile devices.
Busy job sites are prime environments for endpoint threats. Devices full of critical business plans, quotes, customers, and suppliers could easily fall into the wrong hands. To ensure data is protected on the job site, companies need to set PIN codes on locked devices and limit data sharing to sanctioned apps.
Microsoft Intune can provide this functionality for protected company data and apps, while leaving personal data alone.
Endpoint Security Using Our VCISO Services
Is the lack of a standardized BYOD policy opening your environment to threats? When you use our vCISO services, you’ll identify key vulnerabilities (like BYOD) in your environment and create an expert strategy to close those gaps. You’ll save your team the time, budget, and consequences of focusing on the wrong solutions. Plus, you’ll get access to a full year of our expert guidance to help you improve.
Here’s everything that’s included for a year:
- Model’s cybersecurity assessment
- 24×7 access to the Model vCISO portal
- Monthly vCISO meetings with Model’s expert cybersecurity director
If you’re concerned that personal devices might be a threat, you can learn more about the service here.