Bring Your Own Device System: Pros and Cons

Calathumpian Group is facing a major information integrity issue, the CEO is concern about the way cooperate information are treated. The company is allows BYOD (Bring Your Own Device) system which means that employees can use their personal laptops , smartphones or tablets on the workplace for their daily workload and to connect to the corporate network (Webopedia.com 2015).

Advantage of using BYOD

Maximise profit by reducing personnel hardware cost
- The purpose of all organisation is to maximise profit while minimising expenses, BYOD allows minimum-zero technology cost since there is no purchase cost for employees working device and maintenance cost for the devices.
Improve employees performance
- BYOD improves employee’s performance and efficiency at work as by allowing them to use their personal devices with which they use also for recreational or home purpose, they developed automatism that increase their productivity. Tasks and operations are completed faster (Workforce 2014).
Reduce hardware alienation
- BYOD helps to keep employees comfortable in their working environment, since they know how to operate with their work devices. For example: for a new employee, it’s better to work with a device he/she knows than cooperate devices as they will have to be trained.

Risks of using a BYOD System

Software incompatibility
- Employees working on different versions of OS or software tools can cause information being not accessible or shared. This is not efficient and restrict data access.
Distractions
- Employees usually have their favourite apps, games or series present on their laptops or smartphones, these entertainment may distract employees during their working hours thus reducing their performance. For example: employees checking their Facebook account every 20 minutes.

Security
- Security is the major problem with BYOD systems, as it puts all your cooperate data in risk. As all employees will certainly use their devices outside the workplace, if they are infected by a virus or targeted by a hacker and connect to the cooperate network, the whole network will be affected and important data may be corrupted, stolen or deleted.

How to build a Secure BYOD policy

1. Carry out a survey

I order to build an effective BYOD policy, we have to analysis what type of devices are being used on the cooperate network. A survey done by the Forrester’s Forrsights Workforce Employee shows that smartphones and tablets are among the most used device on the workplace, the laptop being the most used device, as illustrated on the image 1, (InfoSec Institute 2013).

2. How does employees use their device on the cooperate network

We have to analyse what processes are done by employees on the network, this will enables the BYOD policy to match the business operations. For example: Are they using skype to connect foreign suppliers, what software applications are being used, what mobile application is using the WIFI system to operate. This analysis will help to developed acceptance criteria and limitations for the BYOD policy.

Get Help With Your Essay

If you need assistance with writing your essay, our professional essay writing service is here to help!

Essay Writing Service

Suggested BYOD Policy

In order to solve the situation Calathumpian Group is facing we will developed a BYOD Policy that can be implemented in the organisation’s system. The report will contain policy about acceptance use, User responsibilities, Cooperate IT Responsibilities, Devices and Support, Privacy Policy and Security Policy, we will keep the report simple and easy to understand in order to make the implementation of the Policy system better.

Calathumpian’s employees must agree to the following policies in order to connect their devices to the cooperate network. If they fail to abide to the policies the company reserves the right to disconnect them to the network and press further charges. These policies are implemented for the well-running of the organisation by enforcing security and protect cooperate data.

The template of Megan Berry (2015) will be used to develop the BYOD policy, it is simple and very comprehensive template (Itmanagerdaily.com 2015).

Access Control/ Acceptable Use

Activities that are productive to the business are considered as acceptable.

Certain websites will be blocked on the network for the employees during working hours, only before and after the working hours that these websites will be accessible. This will encourage employees to be on time. Such websites relates to
- Social Networks (Facebook, Twitter, Instagram, Google +, etc…)
- Video Games related website
- Betting website
- Pornographic
- Torrents
- Streaming websites
The network will only allow a limited amount of software tool to use internet or allowed connection to the network, this will decrease the risks of propagating viruses on other connected devices.
Mobile apps that are allowed on the network are : emails , messaging apps (such as WhatsApp , Viber , Messaging , Skype) , system updates
Mobile apps that are blocked includes : iTunes , Google Play , Apps Store , Mobile Games and Social networking apps

Roles and responsibilities

Dividing responsibilities in the company helps to maintain a certain hierarchy and determine how should do what and when. In order to solve the problem Calathumpian Group is facing, roles and responsibilities must be implemented so that the employees knows what are expected from them. In this case a structured IT department is needed.

IT Security Manager

Since the CEO of the Group might not be comfortable with IT department due to his age, it is better to choose some who is qualified for this job. The IT Security manager will be in charge for the creation and maintenance of the BYOD policy. This involves the risk management, security management and enforcing the BYOD policy.

Human resource manager

The HR manager will be responsible for the comprehension of the BYOD policy inside the company. His job is to ensure that the employees understand their commitment.

IT department

This department will provide help for the employees regarding the BYOD policy. For example: when an employee terminate his contract with the company, the IT department is responsible for the deletion of sensible information regarding the company. They are also responsible for the implementation of hardware policies such as: block websites and some mobile application, antivirus configuration (Auto scan on power on), maintenance of the network and other processes.

All employees

All employees must abide to the set of rules and regulations present in the BYOD policy, not respecting it will cause sanctions from the organisation as they are putting the company’s information at risks.

Devices and Support

Mobile operating system such as IPhone (4, 4S, 5, 6), Android devices (KitKat and Lollipop), Blackberry and Windows phone are allowed only.
Android tablets and IPad are allowed
The IT department is not responsible for any device software or hardware failure
The IT department has the right to take the mac address of every device connected to the network, for security purpose. The mac address will help the IT department to apply certain restriction to specific employees

Security

To prevent unauthorised access to devices, employees must use strong passwords to protect their devices. A strong passwords is categories as
- Having at least 8 characters
- Combination of lower and upper case letter
- Must include at least two digits
- Cannot contain symbols
Employees must change their passwords every 60 weeks
Every time an employee leave his work place, he/she must automatically lock his/her device to prevent unauthorised access.
Employees must encrypt their information such as emails , documents and other files
Employee must hand over their devices to the IT department in order to connect to the network

Termination of employment

In order to prevent cooperate information to be accessible when an employee leaves the organisation for a particular reason, the later must present the device used on the network for inspection. The IT department will be responsible for that (Shrm.org 2015), they will delete all company related data on the device.

ISO standards to follow

“A standard is a document that provides requirements, specifications, guidelines or characteristics that can be used consistently to ensure that materials, products, processes and services are fit for their purpose. We published over 19500 International Standards that can be purchased from the ISO store or from our members Tools and techniques “(Iso.org 2015)

In this case the ISO standard that best suit the problem of Calathumpian Group is the ISO/IEC 27002, which focus on information security management. This standards helps to maintain information such as employee details, cooperate financial report or other cooperate related information.

Benefits of using ISO 27002

Risk management
1. Find potential risk
2. Helps to eliminate them
Security policies
Information security management
Resource management
HR security
Physical security
Communications management
Access control
Incident response management (SearchSecurity.co.UK 2015)

Tools and Techniques

Incident Response

Reference list

InfoSec Institute,. 2013. ‘Importance Of A BYOD Policy For Companies – Infosec Institute’.

http://resources.infosecinstitute.com/byod-policy-for-companies/.

Itmanagerdaily.com,. 2015. ‘BYOD Policy Template’.

http://www.itmanagerdaily.com/byod-policy-template/.

SearchSecurity.co.UK,. 2015. ‘What Is ISO 27001? – Definition From Whatis.Com’.

http://searchsecurity.techtarget.co.uk/definition/ISO-27001.

Shrm.org,. 2015. ‘Electronic Devices: Bring Your Own Device (BYOD) Policy’.

http://www.shrm.org/templatestools/samples/policies/pages/bringyourowndevicepolicy.aspx.

Webopedia.com,. 2015. ‘What Is Bring Your Own Device (BYOD)? Webopedia’.

http://www.webopedia.com/TERM/B/BYOD.html.

Workforce, The. 2014. ‘The Pros And Cons Of Bring-Your-Own-Device (BYOD) For A Mobile Field

Workforce – MSI Data’. MSI Data. http://www.msidata.com/pros-and-cons-of-byod-in-mobile-field-workforce.