...
Your employee who owns the computer may leave their device lying around unsecured (after all, they are probably working from home). They may allow friends and family to use it. Other issues include controlling the content and access of a private device if your employee leaves your company or sells their device, and erasing your organisational information if the device is lost or stolen.
...
The employee/owner of the device must understand and accept the terms and conditions of the BYOD policy. Inclusion of their BYOD device is conditional on their compliance with the rules.
It's important to note that an organisation cannot use a written policy as a substitute for applying controls to a BYOD device; there also need to be technical measures in place.
Here are some suggestions that could be included in the policy:
The Operating System and apps must be fully supported by the manufacturer and receive security updates.
Software-based firewalls are activated and configured correctly.
Security updates must be installed within 14 days.
Cyber Essentials password controls are applied to users' own devices (BYODs).
Users logging in on computers and tablets have a day-to-day account, and this is separate to the administrator account.
The device automatically locks when not in use and requires a PIN or passcode of 6 digits or more to unlock (use a biometric if available).
Anti-malware software is installed on devices and kept updated or, for a mobile device, only apps from the manufacturer's respective store are allowed to be installed.
Unused apps should be uninstalled.
If lost or stolen, it must be reported to the business promptly.
Rooting or jailbreaking is not permitted.
A remote erase and tracking app must be installed and activated so you can track a lost device, lock access and erase data. Obtain written consent in advance from the device owner to remote wipe the device in the event of loss, theft or termination of employment.
Clarify how, when and why monitoring will take place and require the device and passwords to be delivered up on reasonable request.
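The technical rules in the list above can be checked automatically against a device posture record, such as one exported from a management tool. The following is an added example, not part of the original guidance; the record field names and the sample devices are assumptions constructed for illustration.

```python
from datetime import date

# Field names are assumptions for this example, not a real MDM schema.
def byod_violations(device, today):
    """Return the policy rules that a device posture record fails."""
    failed = []
    if not device.get("os_vendor_supported"):
        failed.append("OS or apps no longer supported by the manufacturer")
    if not device.get("firewall_enabled"):
        failed.append("software firewall not active")
    # A pending security update is overdue once it is more than 14 days old.
    overdue = [u for u in device.get("pending_updates", [])
               if (today - u["released"]).days > 14]
    if overdue:
        failed.append(f"{len(overdue)} security update(s) not installed within 14 days")
    if not device.get("auto_lock") or device.get("unlock_code_length", 0) < 6:
        failed.append("no auto-lock with a code of 6 or more digits")
    if device["kind"] in ("computer", "tablet") and device.get("daily_account_is_admin"):
        failed.append("day-to-day account has administrator rights")
    if device["kind"] == "computer":
        if not device.get("antimalware_updated"):
            failed.append("anti-malware missing or out of date")
    elif device.get("sideloaded_apps"):
        failed.append("apps installed from outside the manufacturer's store")
    if device.get("rooted_or_jailbroken"):
        failed.append("device is rooted or jailbroken")
    if not (device.get("remote_wipe_enabled") and device.get("wipe_consent_signed")):
        failed.append("remote erase not active or written consent missing")
    return failed

# Constructed sample records.
TODAY = date(2024, 6, 20)
LAPTOP = {"kind": "computer", "os_vendor_supported": True, "firewall_enabled": True,
          "pending_updates": [{"released": date(2024, 6, 10)}], "auto_lock": True,
          "unlock_code_length": 8, "daily_account_is_admin": False,
          "antimalware_updated": True, "rooted_or_jailbroken": False,
          "remote_wipe_enabled": True, "wipe_consent_signed": True}
PHONE = {"kind": "phone", "os_vendor_supported": True, "firewall_enabled": True,
         "pending_updates": [{"released": date(2024, 6, 1)}], "auto_lock": True,
         "unlock_code_length": 4, "sideloaded_apps": ["example.apk"],
         "rooted_or_jailbroken": True, "remote_wipe_enabled": True,
         "wipe_consent_signed": False}

if __name__ == "__main__":
    for name, dev in (("laptop", LAPTOP), ("phone", PHONE)):
        print(name, byod_violations(dev, TODAY) or "compliant")
```

A device that returns an empty list meets every rule the check covers; anything else lists the rules to remediate before the device is allowed to access organisational data.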
For further risk reduction
...
Mobile Device Management (MDM) software allows you to monitor, manage, and secure employees’ mobile devices. There is a range of price models available for this software.
Desktop virtualisation software, such as Citrix, allows employees to securely access data stored on the corporate network using their own device. Organisational data is accessed remotely and stays on a secure server. It may be necessary for staff to agree not to copy the organisation’s data onto their own device.
...