Specialist IT Services


Contact Info

Postal Address: PO Box 28-418 Remuera, Auckland
Ph: +64 9 524-9999
Email: enquiries@selectit.co.nz



RELIABILITY, great service,
rapid response time

Feb 1, 2017

BYOD, consider the facts

BYOD – consider the facts

If you have already decided that BYOD (Bring Your Own Device) is not for your company, then KNOW that staff may be bringing in their own devices already, and may well be placing your systems at risk.

BYOD is happening, and a good, well thought-out, and properly enforced BYOD policy is the answer to the inevitable.

As with any major change to your network, accepting BYOD requires careful planning to be successful. You need to consider how it will affect your business, what you want to achieve with the policy, how it will integrate with other existing IT policies, how it will affect different employees and, once it’s in place, what training is required to ensure it is effectively implemented and enforced.

Here are some of the basic rules upon which you may start your foray into a managed BYOD policy:

  1. Consider limiting access to the corporate network to approved devices. Specify what devices are approved for such connection. The myriad of Android, IOS and Windows devices out there make for great choices.
  2. Security policies should be stringent. Passwords must meet IT complexity requirements, and changed regularly. Locking screens should be mandatory.
  3. Decide on what level of support do you wish to deliver to the end user, considering that they may well own their devices.
  4. Discourage multiple users on single devices…the risk of abuse is much increased if there is not a single “user” one can point to.
  5. Stolen / lost / misplaced / damaged equipment should be brought to the attention of the IT team immediately.
  6. Similarly, your IT department should be alerted to any indication of compromise immediately upon occurrence / suspicion.
  7. External devices such as thumb drives should disallowed, or encrypted, or managed in the same manner as the device itself
  8. Patching kept updated
  9. End point AV / malware scanners installed and updated
  10. Confidential files should be encrypted
  11. Users have a tendency to store passwords and logons in a file, on the device….this should be discouraged.
  12. Jailbreaking is a no-no
  13. If the device is also used for personal access, a data plan to accommodate both should be included. Consider the case where you set up a VPN tunnel on say, and IPhone, and the user uses it for Facebook or porn surfing, is this against company policy…or even worse, should they publish objectionable material while they are so connected, what are the legal ramifications for your company?
  14. Only approved, licensed apps to be installed on devices.
  15. Keep the rights to device wipe, in case of breach, employee termination, loss of device etc.


Unmanaged BYOD – yes, there is such an option

If your users are accessing your Wifi connectivity to use services provided on the internet, such as Google docs, the need to restrict and manage the end user devices disappear. As an example, if a school opts for the provision of Wifi to students to facilitate access to cloud based resources and data storage, the strict BYOD rules above would not apply / apply to a much lesser extent

In such a case, where each student manages and owns the device, internet access is either provided in an unmanaged manner (such as a free internet service at a coffee shop) or in a managed way to authorised users, via Radius / AD authentication.


Still confused?

I am at your call…..either by phone or a free consultation to discuss the choices and options you have….

Anton Schutte

027 524 9995


Select IT Partners

Latest News