Security in BYOD policies

The companies' priority objective for 2018

15 Jan 2018

The answer to the question of who we spend the most time with is probably not who but what. We are hooked to cell phones, and Spain is, no more and no less, the 5th country in the world that spends more time with this type of device. An average of two hours and eleven minutes a day that we spend mainly on the use of applications, according to the latest report by Statista.

What we are often unaware of is the app’s handling of our information, since once we consent to access our personal information, the application will be able to share it with other third party companies. So it’s no wonder that security has become a top priority for millions of data-intensive companies. The main decision that worries them is whether or not to opt for a BYOD policy.

A complex decision, since investing in mobile devices involves an expense that is not always easy to bear, but also entails an investment in corporate security. While opting for ‘bring your own device’ means saving money on hardware, but having to spend it on reinforcing security, since a device that the worker uses for both personal and professional purposes entails a series of risks and problems that must be addressed.

In this article we are going to give some keys on how to apply BYOD policies in the company in a safe and effective way.

BYOD policies

The use of cell phones is part of our daily life as citizens, but also of our routine within the company. For this reason, many companies have opted for BYOD policies, accelerating their digitalization process without incurring such high initial costs.

However, the main fear behind the use of the same mobile device for personal and professional purposes is security, because with these policies theuse of data is intensified and preserving the security of information becomes more complicated.

However, some mandatory guidelines may help to achieve the best results and minimize risks.

Introducing multi-factor authentication methods for identification

Let’s not fool ourselves, you cannot use the same technologies in company policy that an Internet user uses, because the information to be handled is confidential and, in most cases, it costs a lot of money. For example, a password can be easily hacked by a computer scientist, so to ensure data protection, it is advisable to introduce a multi-factor authentication (MFA) method. Sabotage in these cases is much more common than in private use.

AMCs differ from traditional passwords in that they introduce additional filters to verify that the person logging in is actually the user of the account. They are used in cases where enhanced security is required, because the nature of the information that can be lost is also more sensitive.

To delimit the functions that each member of the company will have.

BYOD policies applied to the use of the device in the company have to delimit well what things an employee can and cannot do.

For example, you may be able to edit documents and send files, but certain other functions that you can do may be restricted. In addition to using the software to narrow it down, communication and training at the beginning is also essential. By sending a list of best practices, we will be able to promote uniformity in use.

But it is also the best tool to make employees aware of the responsibility of taking home applications with corporate data of the company.

Similarly, it is recommended that employees sign a confidentiality agreement and that they are clear about the company’s BYOD policy.

Prevent infection of systems

In addition to the so-called pishing, another recurring problem in this type of system is malware, or malicious software, which can render the device unusable. The advice is that when implementing an enterprise mobility solution, this risk should be assessed beforehand, as more stringent security policies may need to be implemented. For this reason, it is recommended that the partner that will provide the software to the company should be reliable.

Pre-testing is another good option; in fact, iteration models fulfill this function by allowing the detection of possible failures that can be repaired in time.

Adapting the system to the company’s needs

It may seem obvious, but it may not be in the best interest of data security to have an infrastructure that is not going to be used. Therefore, it is essential to delimit the functions of each member of the company and, with them, the limits of use.

For example, in companies where salespeople are on the road, enterprise mobility solutions become indispensable tools for inventory inquiries and ordering. In this case, it is essential to have a centralized system that updates this information in real time.

However, it is also possible that the only function that the employees of this company have is to send certain confidential documents. If so, special encryption will still be necessary, but perhaps other structures can be dispensed with.


It should be borne in mind that 70% of Internet connections are already made via the Internet. The company has also been aware that the use of mobile devices and, therefore, security is a priority for all companies, but especially for those that opt for BYOD policies.

From the company’s point of view, it is essential to preserve the ownership and proper use of data, while from the employee’s perspective, it is essential to respect and safeguard the confidentiality of the information handled.

Subscribe to our blog and newsletter, and keep up to date with the latest news on digital transformation and innovation affecting your sector.
Despite the fact that the European Union's new General Data Protection Regulation will oblige companies to increase the hiring of security experts by May 25, 2018, most companies have yet to take action. In addition, the Center for Cyber Security and Education, the non-profit association of professionals (ISC) and Frost & Sullivan have published a recent study that forecasts that, the shortfall of professionals in 2022 in cybersecurity will reach 1.8 million.

Lola Hurtado

Marketing Manager at FIELDEAS

Linkedin iconEmail iconTwitter icon
More related information
Trazabilidad en tiempo real_CEPSA_FIELDEAS

18 Jul 2024

Cepsa relies on the real-time traceability of FIELDEAS for the distribution of its lubricants and asphalts.

As reported by the media, Cepsa has implemented the FIELDEAS Track and Trace real-time traceability system that evolves the distribution process of its lubricants and asphalts. This service, which is…

Gestión de muelles de carga y descarga_FIELDEAS

17 Jul 2024

Real-time monitoring of loading and unloading docks

As we saw in the post “Optimizing warehouse dock management to reduce times”, loading and unloading docks are critical points in the supply chain, since a large part of logistics…

eCMR en el transporte de mercancías peligrosas_FIELDEAS

10 Jul 2024

Advantages of eCMR in dangerous goods transport

We already know that eCMR, understood as an umbrella concept for the digitalization of all transport documents, is fully valid and effective in the transport of general cargo by road….

Tacógrafo Inteligente segunda generación y eCMR_FIELDEAS

03 Jul 2024

Transport data integration: second-generation smart tachograph and the eCMR

Road freight transport is undergoing major changes in terms of digitalization, especially with regard to the second-generation smart tachograph and the eCMR or electronic consignment note. Both technologies are set…