The Australian Defence Signals Directorate (DSD) has issued security advice for executives who are having to tackle the issue of employees bringing their own devices (BYOD) into the workplace.
Issued from the DSD's Cyber Security Operations Centre, the notice covers implications of BYOD, including the legal, financial, and security implications.
The DSD stated that although there may be benefits in the form of reduced hardware costs, overall, the total cost may increase when considering the need to support more devices, manage security breaches, or cover employee costs related to letting them bring their own device.
It also warns that BYOD could increase of the ability for attackers to use social engineering, and increase the number of entry points into an organisation. The DSD stated that when enabling BYOD in the workplace, a key consideration should be whether there is a business case to justify trading off security.
The DSD's advice for supporting BYOD includes taking a risk-management approach, developing a usage policy based on a risk assessment and the business case, consulting with experts such as legal representatives and IT security staff, and educating the end users.
Lastly, the DSD has a series of questions that it recommends executives ask their IT security teams, which should alert them to whether the organisation is on top of important issues. These include finding out how sensitive data is being stored on devices and how the risks caused by lost or stolen devices can be reduced.