Bring your own device (BYOD)—where employees choose and buy a device (usually a smartphone) to use at work - continues to trend upwards. With BYOD already in place, you may have seen benefits such as:
- Reduced capital expenditures on buying, maintaining and upgrading hardware
- Happier users who want freedom of choice to work on their favorite devices
Hopefully, you’re also addressing some of BYOD’s challenges, including less control over company data, and greater risks from the loss or theft of devices. As a financial services organization, your BYOD program is at greater risk than in other industries, especially with the rise of ransomware attacks.
Restrict BYOD to Smartphones
Consider the following points to balance user choice and flexibility, with optimal security and efficiency:
- Where possible, restrict BYOD to user-owned smartphones.
- We’ve said it before and we’ll say it again: “The ultimate responsibility for security is – as always – down to the individual.” BYOD best practices include ongoing user education on threat vectors specific to financial services, regulatory compliance requirements and their individual BYOD responsibilities.
- Embrace an enterprise mobility management platform such as MobileIron to simplify management of endpoint devices, or a mobile device management (MDM) solution like Microsoft InTune.
- Evaluate whether a cloud access security broker (CASB) agent-less solution can give you better data visibility and control than your MDM suite.
Offer Employees a Choice of Company-Owned Devices
Beyond smartphones, all end user devices could be company-owned and managed by IT under a program where you offer employees a choice of devices. In this way, not only do users get choice, but your organization still benefits from the enhanced security features and common productivity standards found in business-grade devices like ThinkPad and ThinkCentre.
- Consider business-grade devices with the highest level of build quality, support services, security features and connectivity options. For example, access prioritized tech support and on-site servicing. Or achieve the highest security standards with hardware-based fingerprint readers which are much harder to hack.
- Audit job roles in your organization to get user input on preferred device types. Today there are many types of device available, each with their own advantages for different worker roles.
- Look for devices with Intel® Active Management Technology, which enables IT managers to discover, repair and help protect networked computing assets.
- Simplify PC deployment with a solution like Advanced Deployment Services. This is a customizable self-install wizard that enables final configuration steps to be performed by your end users instead of a technician. Whether joining a domain, installing software, setting up printers or migrating data, you can empower your end users to self-serve and reduce the burden on IT admins.
- Use Windows 10 Pro security features to help protect data in the event of a human error or if a device is lost or stolen. For example, Windows Information Protection helps prevent unauthorized or accidental sharing of company information and allows you to remotely delete business data from a lost or stolen device. BitLocker data encryption, supported by many ThinkPad and ThinkCentre devices, will encrypt all data on a device, ensuring it cannot be accessed by unauthorized users.