Security is key for BYOD

Back to News

Whether it’s a laptop, tablet or smartphone, more and more of us are choosing to “bring your own device” (BYOD) to carry out tasks in the workplace, or perform work activities from home or other locations. The trend, also known as consumerization of IT (COIT), can be very attractive to both employers and workers, offering flexibility both ways.

 

ENISA’s new report, Consumerization of IT: Risk Mitigation Strategies and Good Practices looks at the latest developments, and delivers six key messages to help ensure that “bring your own device” doesn’t also bring unforeseen risks. 

Aimed at Chief Information Officers, Chief Executives and others who take IT security decisions, the report’s messages are:

1. Ensure that governance aspects are derived from business processes and protection requirements, and are defined before dealing with technology.

2. End-user involvement can effectively mitigate risks. Awareness-raising on COIT programmes is highly effective for the enforcement of security policies.

3. Periodic risk assessment on COIT programmes should be undertaken to ensure that security policies remain compatible with evolving technologies.

4. Keep in mind that encryption complements but does not replace strategic risk management within a COIT programme.

5. Perform small steps initially and proceed with more complex policies when sufficient experience has been gained.

6. It is important to identify which COIT risks need to be mitigated within your organisation while the window of opportunity till remains open

The report builds on ENISA’s October 2012 publication, Consumerization of IT: Top Risks and Opportunities, and was produced by ENISA with input and comments from a group of experts from industry, academia and public sector organisations.   

 

For the full report: Consumerization of IT: Risk Mitigation Strategies and Good Practices