Rawpixel - Fotolia

Manage Learn to apply best practices and optimize your operations.

What BYOD security policies should be set to protect UC apps?

BYOD security policies enterprises should consider to keep their UC apps secure.

Bring your own device (BYOD) security policies will vary by company for a host of reasons. When developing these policies, businesses generally won't focus exclusively on unified communications (UC) because BYOD applies to any form of mobile broadband usage in the workplace. Here are some basic dos and don'ts to keep your UC applications secure with BYOD.

Do make sure employees understand that BYOD security policies apply whether they're working in or out of the office. This policy also applies when working on company time or personal time. The line between home and work is blurring, but data security must be maintained at all times.

Do proactively manage passwords for all UC-related applications. This is probably the single most important thing employees can do to keep company data secure. Come up with complex passwords and change them regularly.

Do be mindful of security when using devices on the public Internet. It's hard to avoid using the public Internet, but employees need to understand how easily viruses and malware travel there. And if their device is infected, business-related data becomes vulnerable.

Do use the UC apps provided by the company as much as possible. UC's value is undermined if employees use free consumer-grade apps from the Web, which is easy to do when using personal devices for work. Not only does this defeat the purpose of UC, but these apps introduce all kinds of security vulnerabilities for your network.

Do clarify when employment ends, business data and apps are company property and will need to come off their device. This helps keep company data secure. To ensure employees don't lose personal data, make sure to keep personal data separate from work-related files and applications.

Don't use public Wi-Fi for work. The public Internet poses its own set of security risks, but so does public, free Wi-Fi, especially when travelling abroad. Employees need to be mindful when working in unsecured environments. If they can put off doing sensitive work until getting to a more secure network, then that would be best for everyone.

BYOD security policies need to stress the importance of employees taking full responsibility for keeping their devices safe.

Don't let others use your device. This is a cardinal sin for security. Again, employees must be mindful that their mobile devices serve two purposes. Some people will not share their devices to protect their personal privacy, and they need to think the same way for their business data. At minimum, if you have to share your device, BYOD policy should state that you must be logged out of any business-related application.

Don't back up mobile business data using your personal backup service. These services are great, considering how often mobile phones go missing, but there are two BYOD issues here. First, company data is not personal property. BYOD security policies should clarify this, particularly around what forms of backup are acceptable. The second issue is the risk of using a consumer-grade backup service. These services may not be secure enough and could pose data sovereignty issues if their servers are in remote locations.

Don't be careless with your device. Increasingly, there's a disposable nature to mobile devices, and the impact to most consumers is minimal if devices are lost, damaged or stolen. The data is far more valuable than the device itself. If personal data is backed up regularly, a lost or stolen device will not be a big deal. Company data however, is a big deal, and BYOD security policies need to stress the importance of employees taking full responsibility for keeping their devices safe.

Don't connect your mobile device to other devices or peripherals unless 100% certain of safety. Whether members of an employee's household do this to share files or someone at a client site asks to upload a file from a USB stick, any form of direct connection is a prime channel for passing on malware or viruses. BYOD policies need to outline precautions in cases where employees need to connect with other devices.

Do you have a question for Jon Arnold or any of our experts? Ask your enterprise-specific questions today! (All questions are treated anonymously.)

Next Steps

The challenges of BYOD in a UC environment

Should organizations require a BYOD reimbursement policy?

Managing mobile UC in a BYOD environment

Dig Deeper on Unified Communications Security