Templated BYOD Policy

1. Using Personal Devices (Bring Your Own Device)

Use of personal devices to access company resources and information is allowed if:

  • you have completed the Employee BYOD checklist
  • the devices meet the security requirements set out in Section 2, ‘The Standard for Securing Personal Devices’.

It is the responsibility of the users to ensure that their personal devices meet these requirements at all times. Providing access to personal devices is at the discretion of the IT Manager.

1.1. Remote Wipe

You will allow company data to be remotely wiped in the event that:

  • The device is lost.
  • Your engagement is terminated.
  • We detect a data or policy breach, a virus or similar threat to the security of the company’s data and technology infrastructure.

1.2. Review and support

  • <company> reserves the right to request an audit of your devices in order to review the configuration of standard apps, such as browsers, office productivity software and security tools. This audit would be carried out by the <select job title> and will involve a remote session where the <select job title> will review your security settings and installed software.
  • Before contacting the device manufacturer, carrier or original retailer about operating system or hardware-related issues, first refer such issues to the <select job title>, so that the device can be disconnected from <company> services and company data removed. Connectivity, security, and software issues should also be referred to the <select job title>.
  • We reserve the right to refuse access to particular devices or software where it is considered a security or other risk to our systems and infrastructure, or those of our clients.

1.3. Risks / Liabilities / Disclaimers

  • It is your responsibility to take precautions against data loss such as backing up documents, email, contacts, etc. and you assume full liability for data loss for any reason.
  • Lost or stolen devices must be reported to <select job title> immediately, via <select comms method> and in no event later than 24 hours after discovery. You are responsible for notifying your mobile carrier immediately upon discovery of the loss of a device. You should report any theft or burglary of devices to the local law enforcement agency and obtain a crime reference number.
  • You are expected to use your devices in an ethical manner at all times and adhere to <select company>’s Acceptable Use Policy.
  • You are personally liable for all costs associated with your device unless otherwise contractually agreed.
  • You assume full liability for risks including, but not limited to, the partial or complete loss of company and personal data due to an operating system crash, errors, bugs, viruses, malware, and/or other software or hardware failures, or programming errors that render the device unusable.

2. The Standard for Securing Personal Devices

Where you use your own device to access and store data that relates to <select company>, the level of access permitted will depend on whether or not your device is under management. Unmanaged devices will have more restricted access to <select company> data and applications. In either case, it is your responsibility to familiarise yourself with the device sufficiently to keep the data secure.

We will provide the necessary support and training to enable you to do so. This standard specifies the minimum controls to be exercised by the <select job title> to ensure an employee’s personal device complies with the <select company> Information Security Policy.

2.1. Updates

  1. Set the devices and applications to ‘auto-update’ wherever possible
  2. Update the operating system and applications regularly when prompted
  3. Rooted and jail-broken devices are not authorised for accessing <select company> resources

2.2. Passwords and Secure Login

  1. Devices must be password protected using the features of the device and a strong password.
  2. Use of Biometrics (e.g. fingerprint recognition, face recognition) is allowed if this is backed by a secure PIN or password.
  3. All the default passwords for users and administrator accounts on all the laptops, computers, tablets, smartphones and Wi-Fi routers should be changed to stronger passwords.
  4. The password must be unique i.e. the same password must not be used for different devices and applications.
  5. The device must lock itself after a maximum of five incorrect login attempts.
  6. The devices should log out automatically after 10 minutes.
  7. Admin accounts should always be separate from normal user accounts. Admin accounts should not be used for emails and web browsing during the normal course of business.

2.3. Software and Applications

  1. Only recommended software and applications should be used to access company data.
  2. The employee must ensure that all software installed onto the device is licensed correctly.
  3. Other applications on the devices should be limited to those from the authorised application store for the respective devices.
  4. Make sure anti-malware software is installed and kept up to date on devices that support it.

2.4. Security Settings

  1. Always keep device firewalls activated.
  2. Ensure that the devices are encrypted.
  3. Ensure that ‘Auto-play’ / ‘Auto-run’ and similar features that allow external peripherals to start processes without user intervention have been disabled.
