BYOD Best Practice for MSPs and Insurance Companies

June 20, 2017

If you can’t beat ‘em, let ‘em keep their cell phones. That’s what most businesses believe about whether they should allow employees to bring their own digital devices to the workplace.

Since most millennials take a very Charlton Heston, you’ll-pry-my-cell-from-my-cold-dead-fingers attitude, many businesses have resigned themselves to allowing personal devices all over the workplace.

Where we run into trouble, however, is when these devices start to access critical business infrastructure. Gartner is now predicting that by 2017 half of U.S. businesses will require employees to use their own devices at work. While it may be cheaper in the short term, the chances are high that this approach will cost businesses big money in the long term.

We’re talking about the issue of network security – or the lack of it. That’s why it’s imperative for managed service providers to discuss these issues with their clients sooner rather than later.

Here’s what managed service providers should know before they have this crucial conversation.

Best Practices for BYOD

Managed service providers will have to deal with BYOD more and more as their clients embrace these policies.

Consider the following best practices as a starting place:

  1. As an MSP providing network services to a customer, you must reserve the right to approve the devices that access the network. Consider this – if your job is to keep the network secure, you must retain the ability to monitor how the architecture is accessed. The truth is that some devices are simply more secure than others.
  2. You must standardize the security requirements of every device that accesses the network. Establish standardized password rules, require up-to-date malware and virus protection, and retain the ability to wipe all data in case the device is lost or stolen. Make sure the devices are updated frequently to stay ahead of hackers.
  3. Use containers to separate business from personal data. Encrypt the corporate information and use authentication controls to allow access to it.
  4. MSPs must standardize the apps that can or can’t be downloaded onto these devices. You know there are legal and security risks in allowing unrestricted downloads of any app, but your client may not. MSPs should carefully explain these risks to customers, who should, in turn, share this information with their employees.
  5. Discuss an internal company policy on how these devices will be updated, maintained and supported. Will the company staff a help desk to assist employees with their devices?
  6. What if the device is broken and needs to be replaced? Your customers should set a policy on whether they are responsible for fixing the device or whether that falls to the owner.

Insurance companies, health care providers, and other businesses that access private personal data could run into compliance issues in addition to the security risks inherent in BYOD.

BYOD Policies are Complicated to Maintain

IT teams are increasingly tasked with managing hybrid solutions that include on-premises legacy platforms, cloud data storage, SaaS, and now, BYOD. The problem is that each of these devices is a different make and model, and each has its own level of customization available to the user.

BYOD policies have been around a while, and we’re still struggling to make these policies benefit organizations that adopt them. The ongoing success of BYOD for managed services providers relies heavily on proper management of the devices and their business clients.

For more information on these and other issues affecting network security, buy the book ‘Easy Prey: How to Protect Your Business From Data Breach, Cybercrime and Employee Fraud’.  TOSS C3 is here for you: Get a free assessment today!
