The phenomenon Bring Your Own Device (BYOD), that is, the use of personal mobile devices in corporations for tasks at work through smartphones, notebooks and tablets created through the evolution of consumerization, brought business organizations perform better in daily work. By using BYOD, information is available to employees anywhere, anytime, which is good for the organization, as the employee works harder and better. In some countries, its use is still being adapted to organizations and few already have their own policies for this use.
The Significance of BYOD
BYOD is a phenomenon and its use requires rules and processes that must be implemented by information security management. With its increasing use, the vulnerabilities that can be attacked also become increasing, to guarantee protection in the data that circulates in the organizations, preventing malicious acts, these tend to restructure their areas and sectors of work, focusing on their usage policies. Policies must be strictly followed and respected by their employees, but organizations often do not know which policies they should implement, how they should be implemented and how to make their employees aware of good practices for using the BYOD phenomenon.
The Threats Looming Over an Organization
The great concern of organizations is focused on the security of their information, because if they are lost, or stolen, due to the loss of a device, improper use or theft of it, the information may be used in an inappropriate manner, harming the organization or the responsible for the information. The organization must be prepared to deal with this type of situation, because depending on the value of the information, it can suffer bankruptcy or great loss. For this, it is necessary that the IT team has device blocking policies in place so that access to information can be blocked.
Many organizations are interested in using BYOD, due to the cost and performance aspects, but these have not adapted policies so that this use does not cause losses or future problems. Based on the weakness committed by most organizations in the lack of use of security policies, especially small ones and with an interest in knowing information security policies in organizations that already use them, this work turned to the following question: How can an organization adapt its information security policies, considering the BYOD phenomenon?
Policies that could be used in organizations that chose to join the BYOD phenomenon were analyzed and highlighted, explaining which attitudes can cause loss of information and how the management of information security should relate to the policy to be implemented in the organization. This work aimed to show the best practices to be implemented in organizations and how vulnerabilities occur, what causes them and how they affect most devices.
In the development of this work, exploratory research using bibliographic data was used, deepening the knowledge with a theoretical basis in policies and standards aimed at information security. With the collection of information focused on BYOD already used in organizations, it was possible to know an example of application in an organization, how these policies are complied with by employees, what are the difficulties for BYOD practice, the vulnerabilities that occur and how they are monitored. Finally, once this methodological path has been covered and based on this roadmap, as a contribution, this work presents proposals for documentation, distribution of tasks between sectors and a checklist with the main aspects of information security that must be present in BYOD policy in an organization. It is worth mentioning that the elaboration of these proposals had as main source the triangulation of the data collected here through the different methodological mechanisms.
It is a recurring theme in a constantly changing world. Information is a very valuable asset for the organization and must be taken care of. information security is a set of guidelines, standards, procedures, policies and other actions that aim to protect the information resource, enabling the organization’s business to be carried out and its mission be achieved. An organization’s information is the basis for the business structure and must always be adequately insured and periodically verified. If the organization has the opportunity to know all the information valid about its situation of protection of the resource information validates about its situation to decide freely for the most adequate solution for it at that moment.
All information transmitted or received within the organization must be controlled, however, the organization must be aware that for this flow control of the information transferred and will have to check how much it is willing to pay to ensure and control its information. For this, the organization must analyze whether the impact of an attack or invasion will be high, low or medium, what the level of security need will be.
Information security in BYOD work systems
Information security in BYOD work systems is seen as quite vulnerable if it does not involve special applications. In this context, applications like DriveStrike are needed. DriveStrike is an application that can realize what is called a Mobile Device Management Policy, which can close security gaps in 4 ways; locate, lock, wipe and encrypt. DriveStrike can minimize the risk of device theft, eavesdropping and the seizure of information by unauthorized third parties.
It is necessary to understand that, information is a very important asset in the life of the human being, because life revolves around information, everything that human beings need to do, do or even stop doing is due to information they obtained through some medium, but information is not always viewed with due importance. In the case of organizations, many still do not know the value that their information has and not ensuring it properly, brings risks of losses or improper transmissions, causing damage to the organization, in some cases, bankruptcy.
In relation to BYOD, information security is very important. The freedom of workers to access devices must be balanced with a very high level of security. The use of special tools such as DriveStrike above can minimize or even eliminate the risk of data loss or information theft that can harm the company.
Article Submitted By Community Writer