By Euan Henderson
Cyber Security Technologist
As more employees use their own devices for work, it’s crucial to ensure that company data is only accessed from secure business-approved applications.
An employee may choose to use a new application to access company data if their existing application is not user friendly.
Even though this is being used on an employee’s own device or BYOD (Bring Your Own Device), the organisation must ensure the application is set up to protect the data.
The following recommendations can help to minimise associated risks:
- Limit the app’s user base to only those who need it for their work role.
- Implement Multi Factor Authentication (MFA) on the application.
- Check the default privacy settings and ensure that they have been changed to protect company data sufficiently.
- Ensure the settings for the app have been set to those that are necessary for the organisation. For example, does the camera need to be active on the app?
- Check how the messages and data is backed up.
- Set policies on how this data can be used, where it can be accessed from and how the app is to be used.
We recommend checking the National Cyber Security Centre’s website for further guidance on secure use of BYOD:
https://www.ncsc.gov.uk/blog-post/using-secure-messaging-voice-and-collaboration-apps