A bring-your-own-device can improve employee engagement and morale in the workplace. Studies have shown that companies which have embraced the BYOD working practices are up to 25% more profitable than their non-BYOD competitors. However, BYOD work practices also pose a significant information security risk. Most BYOD devices are outside the purview of network firewalls. Devices are carried around in public places. Users join networks that they are unfamiliar with and the risk of data loss is substantially increased. It is imperative that users are made aware of these risks and how to avoid them.
Who should attend:
Any employee or third-party contractor user who uses their own computing devices for handling, processing or storing your organisation’s data.
Instruction:
Instructor-led sessions, e-learning
Facilitated by:
Workshops, videos, scenario-based learning, email briefings, posters, gamified knowledge assessment.
Strategic Purpose:
To lower the risk of a data breach or other IT security-related incident caused by employees using their own devices for the handling, processing or storing of organisational data.
Core Content:
Physical security for devices – Explanation of how the loss or theft of physical computing or storage devices can result in data breaches. Actionable steps are given to mitigate this serious threat.
Encryption – Importance of using encryption for computing devices and portable media for data security and for keeping compliance with regulations, such as GDPR, HIPAA and PCI-DSS.
Shadow IT – Explaining the concept of “shadow IT” and how the use of unauthorised devices or cloud services can jeopardise the IT security posture of your organisation.
End-point security software – The role and limitations of end-point security software. The importance of up-to-date software. The risks of removing or disabling security software.
Device security when travelling – Using the internet securely, accessing networks and protecting data.
Computer updates and patches – The risks of using end-of-life operating systems. Understanding the importance of operating system and application updates for PCs, laptops, tablets and phones.
Wi-Fi Usage – Using Wi-Fi securely in public places.
Incident reporting – Reporting suspicious events and reporting lost or stolen mobile devices.
End-of-use device disposal – Securely deleting data before discarding, donating or repurposing devices.
Benefits:
- Participants are trained in the secure use of mobile computing or storage devices that minimise the risk of a data breach.
- Participants are reminded of the importance of device encryption to protect the information resources of your organisation.
- Participants are reminded of the importance of using up-to-date operating and application software to minimise the risk of their systems getting compromised via cyberthreats.
- Participants are reminded of their responsibility to dispose of computing devices or storage media securely.