The trend towards remote working has seen an increase in the
practice of employees using their personally-owned electronic devices (such as
mobile phones and tablets) to access information and software. In response to
this the government has issued new guidance on the issues and risks associated
with the Bring Your Own Device approach.
The guidance, produced by the Centre for the Protection of
National Infrastructure sets out best practice for ensuring device security and
designing network architecture so as to prevent devices from accessing
particularly sensitive data.
It also covers a multitude of considerations for managers
deciding if a BOYD approach is appropriate for their organisation, including:
Limiting the information shared by devices, especially as cloud storage is
common; understanding the legal issues, as the responsibility for data
protection lies with the data controller and not the device owner; anticipating
increased IT device support, as employees are likely to use different types and
makes of device; creating an effective BYOD policy and communicating it to
staff through training; considering the use of technical controls which may
allow for remote management of devices but which may impact on their usability;
planning for security incidents, such as when personal devices are lost or
stolen; and, considering whether alternative ownership models, such as approved
devices purchased and controlled through the organisation, may be more
appealing to users than restricted devices.
The guidance can be found at https://www.gov.uk/government/collections/bring-your-own-device-guidance.