DSD issues advice for executives tackling BYOD

DSD issues advice for executives tackling BYOD

Summary: BYOD introduces a number of security risks, and organisations should carefully consider whether the trade-off is worth their while, according to Australia's Defence Signals Directorate.


The Australian Defence Signals Directorate (DSD) has issued security advice for executives who are having to tackle the issue of employees bringing their own devices (BYOD) into the workplace.

Issued from the DSD's Cyber Security Operations Centre, the notice covers implications of BYOD, including the legal, financial, and security implications.

The DSD stated that although there may be benefits in the form of reduced hardware costs, overall, the total cost may increase when considering the need to support more devices, manage security breaches, or cover employee costs related to letting them bring their own device.

It also warns that BYOD could increase of the ability for attackers to use social engineering, and increase the number of entry points into an organisation. The DSD stated that when enabling BYOD in the workplace, a key consideration should be whether there is a business case to justify trading off security.

The DSD's advice for supporting BYOD includes taking a risk-management approach, developing a usage policy based on a risk assessment and the business case, consulting with experts such as legal representatives and IT security staff, and educating the end users.

Lastly, the DSD has a series of questions that it recommends executives ask their IT security teams, which should alert them to whether the organisation is on top of important issues. These include finding out how sensitive data is being stored on devices and how the risks caused by lost or stolen devices can be reduced.

Topics: Security, Government, Government AU, Australia

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • BYOD

    BYOD is a big security problem, but there are standards an laws such as SOX and HIPAA that do help offer some protection. One of the biggest tools is education. Our hospital put a BYOD policy in place to use Tigertext for HIPAA complient text messaging, but the doctors still used their unsecure regular text messaging. Even though we had a good BYOD policy, it wasn't enough, we had to bring each doctor in to admin for 15 minutes of training and explaining the HIPAA issues and how to use the app correctly. Now we have about 95% of the doctors in compliance. If you want employees to comply with your IT security program, you really need to educate employees about the BYOD policy and the technologies you use weather it is an app like Tigertext or a larger MDM system.