SlideShare une entreprise Scribd logo

08 pdf show-239

#TheFraudTube
#TheFraudTube

.

Direction et management
1  sur  2
Télécharger pour lire hors ligne
FRAUD FACTS Issue 23 June 2014 INFORMATION FOR ORGANISATIONS Bring your own device (BYOD) policies Organisations are increasingly allowing staff to connect to their corporate network using their own personal devices. This factsheet highlights some of the security issues that should be considered and safeguarded against when adopting such an approach. individual and/or department with sufficient authority, such as a director or senior manager within the IT department. Communicating your policy All staff, contractors, consultants and freelancers should be made aware of your BYOD policy. Actively and regularly promote the policy to staff throughout the organisation – irrespective of grade, position or length of service. Reviewing your policy Technology changes rapidly. It is essential that you review your BYOD policy regularly to ensure that it remains relevant and effective. Key security considerations Before introducing a BYOD policy it is important that your business has well-managed and appropriate information security policies and procedures in place. Consider the legal risks and seek advice from an IT, data protection or other suitably qualified professional where appropriate. Key issues to be considered are outlined below. Help and support Technical support may be required when staff connect to the network using their own device. This could involve activating desktop security settings (eg, screen lock), encryption and firewalls, installing remote desktop clients and a Virtual Private Network (VPN) connection. Publish a list of supported devices and the security steps that staff must take for each device. All staff should access the network using a unique username and a strong password. Introduction Organisations are increasingly allowing staff to connect to their corporate network using their personally owned electronic devices. Such an approach can be advantageous, boosting productivity and enabling staff to work while travelling or away from their desk. However, businesses should be aware that there are important security issues around the use of personal devices for work purposes, and these need to be carefully considered and safeguarded against. Some of the risks associated with allowing staff to use their personal devices for work purposes include (but are not limited to): • loss or theft of staff-owned personal devices that contain business information; • inadequate controls for unauthorised programs (such as apps, instant messaging, file sharing and ‘paste bins’) which may result in accidental data leakage and security vulnerabilities (malware); • deliberate and/or malicious theft of business information and intellectual property; • non-compliance or breaches of applicable laws, regulations and/or business policies (such as data protection and Payment Card Industry Data Security Standards); and • insurance and IT security policies may become more complex and costly to manage. In addition, it can be very difficult to tell staff what they can and cannot do with their own devices in their own time. What is a BYOD policy? A ‘Bring Your Own Device’ (BYOD) policy sets the standards, procedures and restrictions applicable to staff who use their personally owned devices to connect to the corporate network from home, at work or while travelling for business purposes. It aims to protect your business (and your staff) from accidental and deliberate information security breaches. An effective BYOD policy should be simple, concise and easily understood. As a minimum it should explain: • who the policy applies to (eg, staff, contractors/consultants/freelancers); • which devices can be used (eg, laptops, tablets, smartphones); • what services and/or information (data) can be accessed (eg, email, calendars, contacts); • the responsibilities of the employer and staff member (including for security measures that need to be adopted); • which applications (apps) can/cannot be installed (eg, for social media browsing, sharing or opening files etc); • what help and support is available from IT staff; and • the penalties for non-compliance (eg, privilege revocation and other disciplinary procedures). Before staff are allowed to use their personal devices for work purposes they should agree to adhere to the requirements set out in the BYOD policy. Whom should it cover? Your policy should cover all full- and part-time staff who want to use their personal devices to access business systems and information. It should also cover consultants, contractors and freelancers. Designating responsibility Designate oversight for the policy to an
Sign-off procedure Ensure each BYOD device is compliant with security policies before granting network access. Decide how this is done: either face to face or through the use of remote access technology. Ask staff to agree to various security provisions during the sign-off process (such as secure wipe settings). Make it mandatory for staff to report lost or stolen personal devices and any suspected data breaches immediately to your IT/data protection department who can instigate actions to remotely wipe or protect the loss of business data. Data classification Categorise business information into public (eg, press releases), internal (eg, contact lists) and confidential data (eg, client or customer data). Use controls to limit the opportunities for confidential data loss by linking classification to your information and network security policies. Information security All staff should be asked to sign a security policy that prohibits the retention of confidential business data on personal devices (whether encrypted or decrypted). Limit staff access to data to a ‘need to know’ basis. Link your BYOD policy to your Acceptable Use Policy (AUP) which asks staff not to connect to unacceptable, objectionable or illegal websites or engage in inappropriate behaviour through a VPN connection made accessible via a personal device (eg, using social media to post abusive content). Where possible, block access to high-risk websites via the VPN by using firewall accept and deny rules. Consider including in employment contracts the disciplinary action that will be taken for policy breaches. Always act on advice published by the Information Commissioner’s Office (ICO) when reviewing security policies. Data protection must be taken seriously by all concerned. Remember: your business must never have access to any personal data stored on a BYOD device. Network security Ideally staff should access business resources through a virtual desktop that prohibits the download of any document to their personal hard drive. Personal devices should be considered ‘untrusted’ and given limited access to network resources. This can be done using Dynamic Host Configuration Protocol (DHCP). Access to limited network resources and data can be granted to untrusted devices through network separation and firewall rules. Security management Changes to network security policies may result in new vulnerabilities. Make sure that remote and virtual desktop applications are monitored and regularly patched. Critical security holes should be patched on a risk-sensitive basis (including a zero-day fix rule for emergency updates). All personal devices will need security management, vulnerability scanning and updates as required. Leavers policy Ensure your staff leavers policy allows your IT department to retain a copy of all business-related email communications and documents created by the leaver, whilst ensuring no copies are retained by any individual or personal device (eg, by performing an ‘exit’ wipe). Network access should be revoked immediately. Unless your business retains full control over security settings this may be challenging. Hallmarks of an effective policy DO: 4 Make staff and consultants aware of your BYOD policy. Actively and regularly promote it throughout the organisation to staff – irrespective of grade, position or length of service. 4 Require staff to set a strong PIN or password on the device. Passwords should contain a combination of letters, numbers and other characters, and be difficult to guess. 4 Ensure that you have the right to wipe the content on devices that are lost or stolen. Provide guidance for staff on how to back up their personal content so that it can be restored to a new device. 4 Designate responsibility for oversight of your BYOD policy to an individual and/or department with sufficient authority. 4 Review the policy on a regular basis. Update it to reflect technological advances and changes to business activities. DO NOT: 7 Expect staff to be aware of the policy without telling them it exists. 7 Introduce a BYOD policy and fail to follow up on it. 7 Expect that the existence of a policy alone is enough to prevent fraud or loss of business information. Further information See our separate fraud factsheets on Cloud Computing, and An Introduction to Fraud Risk Management for more information. Fraud Advisory Panel www.fraudadvisorypanel.org Get Safe Online www.getsafeonline.org Information Commissioner’s Office www.ico.org.uk PCI Security Standards Council www.pcisecuritystandards.org Fraud Advisory Panel, Chartered Accountants’ Hall, Moorgate Place, London EC2R 6EA. Tel: 020 7920 8721, Fax: 020 7920 8545, Email: info@fraudadvisorypanel.org. Company Limited by Guarantee Registered in England and Wales No. 04327390 Registered Charity No. 1108863 © Fraud Advisory Panel 2014 All rights reserved. If you want to reproduce or redistribute any of the material in this publication, you should first get the Fraud Advisory Panel’s permission in writing. The Fraud Advisory Panel and the contributors will not be liable for any reliance you place on the information in this Fraud Facts. You should seek independent advice. www.fraudadvisorypanel.org The Fraud Advisory Panel gratefully acknowledges as the main contributor Seona Devaney (Frisk Online) in the preparation of this Fraud Facts. Distributed by www.thefraudtube.com 27052014 FRAUD FACTS Issue 23 June 2014

Recommandé

A Case For Information Protection Programs
A Case For Information Protection ProgramsA Case For Information Protection Programs
A Case For Information Protection ProgramsMichael Annis
 
Information Technology policy
Information Technology policyInformation Technology policy
Information Technology policymarindi
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSonny Hashmi
 
IT Policy
IT PolicyIT Policy
IT PolicySensewareInfomedia
 
Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Vijay Dalmia
 
Privacy experience in Plone and other open source CMS
Privacy experience in Plone and other open source CMSPrivacy experience in Plone and other open source CMS
Privacy experience in Plone and other open source CMSInteraktiv
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template Demand Metric
 
Insider Threat Experiences
Insider Threat ExperiencesInsider Threat Experiences
Insider Threat ExperiencesNapier University
 

Recommandé

A Case For Information Protection Programs
A Case For Information Protection ProgramsA Case For Information Protection Programs
A Case For Information Protection ProgramsMichael Annis
 
Information Technology policy
Information Technology policyInformation Technology policy
Information Technology policymarindi
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSonny Hashmi
 
IT Policy
IT PolicyIT Policy
IT PolicySensewareInfomedia
 
Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Vijay Dalmia
 
Privacy experience in Plone and other open source CMS
Privacy experience in Plone and other open source CMSPrivacy experience in Plone and other open source CMS
Privacy experience in Plone and other open source CMSInteraktiv
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template Demand Metric
 
Insider Threat Experiences
Insider Threat ExperiencesInsider Threat Experiences
Insider Threat ExperiencesNapier University
 
Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011Tony Richardson CISSP
 
DLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesDLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesNapier University
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataOnline Business
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security AwarenessDinesh O Bareja
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Information Security
Information SecurityInformation Security
Information SecurityWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputation3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputationNikec Solutions
 
COBIT and IT Policy Presentation
COBIT and IT Policy PresentationCOBIT and IT Policy Presentation
COBIT and IT Policy PresentationSarah Cortes
 
Rapid data services limited
Rapid data services limitedRapid data services limited
Rapid data services limitedoomagoolies
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsgppcpa
 
An Empirical Study on Information Security
An Empirical Study on Information SecurityAn Empirical Study on Information Security
An Empirical Study on Information Securityijtsrd
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3Anne Starr
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
It Policies
It PoliciesIt Policies
It PoliciesJames Sutter
 
Building and implementing a successful information security policy
Building and implementing a successful information security policyBuilding and implementing a successful information security policy
Building and implementing a successful information security policyRossMob1
 
Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)Huntsman Security
 
IT Security & Governance Template
IT Security & Governance TemplateIT Security & Governance Template
IT Security & Governance TemplateFlevy.com Best Practices
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
10 Legal Challenges in Creating a BYOD Policy - Lou MilradLou Milrad
 
Bring your own device guidance
Bring your own device guidanceBring your own device guidance
Bring your own device guidanceGary Chambers
 

Contenu connexe

Tendances

Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011Tony Richardson CISSP
 
DLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesDLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesNapier University
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataOnline Business
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security AwarenessDinesh O Bareja
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputation3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputationNikec Solutions
 
COBIT and IT Policy Presentation
COBIT and IT Policy PresentationCOBIT and IT Policy Presentation
COBIT and IT Policy PresentationSarah Cortes
 
Rapid data services limited
Rapid data services limitedRapid data services limited
Rapid data services limitedoomagoolies
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsgppcpa
 
An Empirical Study on Information Security
An Empirical Study on Information SecurityAn Empirical Study on Information Security
An Empirical Study on Information Securityijtsrd
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3Anne Starr
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Building and implementing a successful information security policy
Building and implementing a successful information security policyBuilding and implementing a successful information security policy
Building and implementing a successful information security policyRossMob1
 
Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)Huntsman Security
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 

Tendances (20)

Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011
 
DLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesDLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The Challenges
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdata
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Information Security
Information SecurityInformation Security
Information Security
 
3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputation3 ways to secure your law firm’s information and reputation
3 ways to secure your law firm’s information and reputation
 
COBIT and IT Policy Presentation
COBIT and IT Policy PresentationCOBIT and IT Policy Presentation
COBIT and IT Policy Presentation
 
Rapid data services limited
Rapid data services limitedRapid data services limited
Rapid data services limited
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOs
 
An Empirical Study on Information Security
An Empirical Study on Information SecurityAn Empirical Study on Information Security
An Empirical Study on Information Security
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
 
It Policies
It PoliciesIt Policies
It Policies
 
Building and implementing a successful information security policy
Building and implementing a successful information security policyBuilding and implementing a successful information security policy
Building and implementing a successful information security policy
 
Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)
 
IT Security & Governance Template
IT Security & Governance TemplateIT Security & Governance Template
IT Security & Governance Template
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
 

Similaire à 08 pdf show-239

10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
10 Legal Challenges in Creating a BYOD Policy - Lou MilradLou Milrad
 
Bring your own device guidance
Bring your own device guidanceBring your own device guidance
Bring your own device guidanceGary Chambers
 
Module 1 / Unit 5 Digital Cybersecurity
Module 1 / Unit 5 Digital Cybersecurity Module 1 / Unit 5 Digital Cybersecurity
Module 1 / Unit 5 Digital Cybersecurity SMKCreations
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)Pace IT at Edmonds Community College
 
Cyber security guide
Cyber security guideCyber security guide
Cyber security guideMark Bennett
 
Sample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docxSample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docxrtodd599
 
Exemplo de política BYOD
Exemplo de política BYODExemplo de política BYOD
Exemplo de política BYODFernando Palma
 
FCC Guidelines on Cyber Security
FCC Guidelines on Cyber SecurityFCC Guidelines on Cyber Security
FCC Guidelines on Cyber SecurityMeg Weber
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSonny Hashmi
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfV2Infotech1
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxV2Infotech1
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security PoliciesAamir Sohail
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...cyberprosocial
 
Ravi i ot-security
Ravi i ot-securityRavi i ot-security
Ravi i ot-securityskumartarget
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight BackMTG IT Professionals
 
Ten Commandments of BYOD
Ten Commandments of BYODTen Commandments of BYOD
Ten Commandments of BYODK Singh
 
Article - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdfArticle - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdfEnov8
 
7 Practices To Safeguard Your Business From Security Breaches!
7 Practices To Safeguard Your Business From Security Breaches!7 Practices To Safeguard Your Business From Security Breaches!
7 Practices To Safeguard Your Business From Security Breaches!Caroline Johnson
 

Similaire à 08 pdf show-239 (20)

10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
 
Bring your own device guidance
Bring your own device guidanceBring your own device guidance
Bring your own device guidance
 
Module 1 / Unit 5 Digital Cybersecurity
Module 1 / Unit 5 Digital Cybersecurity Module 1 / Unit 5 Digital Cybersecurity
Module 1 / Unit 5 Digital Cybersecurity
 
Leveraging byod
Leveraging byodLeveraging byod
Leveraging byod
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
 
Cyber security guide
Cyber security guideCyber security guide
Cyber security guide
 
Sample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docxSample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docx
 
Exemplo de política BYOD
Exemplo de política BYODExemplo de política BYOD
Exemplo de política BYOD
 
FCC Guidelines on Cyber Security
FCC Guidelines on Cyber SecurityFCC Guidelines on Cyber Security
FCC Guidelines on Cyber Security
 
IT Policy
IT PolicyIT Policy
IT Policy
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdf
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptx
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security Policies
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
 
Ravi i ot-security
Ravi i ot-securityRavi i ot-security
Ravi i ot-security
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
 
Ten Commandments of BYOD
Ten Commandments of BYODTen Commandments of BYOD
Ten Commandments of BYOD
 
Article - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdfArticle - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdf
 
7 Practices To Safeguard Your Business From Security Breaches!
7 Practices To Safeguard Your Business From Security Breaches!7 Practices To Safeguard Your Business From Security Breaches!
7 Practices To Safeguard Your Business From Security Breaches!
 

Plus de #TheFraudTube

09 bis 15-34_provisional_implementation_plan_for_parts_7_and_8_of_sbee
09 bis 15-34_provisional_implementation_plan_for_parts_7_and_8_of_sbee09 bis 15-34_provisional_implementation_plan_for_parts_7_and_8_of_sbee
09 bis 15-34_provisional_implementation_plan_for_parts_7_and_8_of_sbee#TheFraudTube
 
FCF 5th Feb 2015 06 - Safer Jobs
FCF 5th Feb 2015 06 - Safer JobsFCF 5th Feb 2015 06 - Safer Jobs
FCF 5th Feb 2015 06 - Safer Jobs#TheFraudTube
 
FCF 5th Feb 2015 04 - FDB Tech
FCF 5th Feb 2015 04 - FDB TechFCF 5th Feb 2015 04 - FDB Tech
FCF 5th Feb 2015 04 - FDB Tech#TheFraudTube
 
FCF 5th Feb 2015 03 - Local Authority Fraud
FCF 5th Feb 2015 03 - Local Authority FraudFCF 5th Feb 2015 03 - Local Authority Fraud
FCF 5th Feb 2015 03 - Local Authority Fraud#TheFraudTube
 
FCF 5th Feb 2015 02 - Landscape of Alcohol Fraud
FCF 5th Feb 2015 02 - Landscape of Alcohol FraudFCF 5th Feb 2015 02 - Landscape of Alcohol Fraud
FCF 5th Feb 2015 02 - Landscape of Alcohol Fraud#TheFraudTube
 
FCF 5th Feb 2015 01 - Welcome & Introductions
FCF 5th Feb 2015 01 - Welcome & IntroductionsFCF 5th Feb 2015 01 - Welcome & Introductions
FCF 5th Feb 2015 01 - Welcome & Introductions#TheFraudTube
 
The Fraud & Cybercrime Forum: Agenda 5th Feb 2015
The Fraud & Cybercrime Forum: Agenda 5th Feb 2015The Fraud & Cybercrime Forum: Agenda 5th Feb 2015
The Fraud & Cybercrime Forum: Agenda 5th Feb 2015#TheFraudTube
 
00 FCF Agenda 15th July 2014
00 FCF Agenda 15th July 201400 FCF Agenda 15th July 2014
00 FCF Agenda 15th July 2014#TheFraudTube
 
10 fraud bribery-and_money_laundering_offences_-_definitive_guideline
10 fraud bribery-and_money_laundering_offences_-_definitive_guideline10 fraud bribery-and_money_laundering_offences_-_definitive_guideline
10 fraud bribery-and_money_laundering_offences_-_definitive_guideline#TheFraudTube
 
07 FCF Resources 15th July 2014
07 FCF Resources 15th July 201407 FCF Resources 15th July 2014
07 FCF Resources 15th July 2014#TheFraudTube
 
06 Minutes - FCF May 2014
06 Minutes - FCF May 201406 Minutes - FCF May 2014
06 Minutes - FCF May 2014#TheFraudTube
 
05 Identity Theft (C6)
05 Identity Theft (C6)05 Identity Theft (C6)
05 Identity Theft (C6)#TheFraudTube
 
04 A-Z of Fraud & Cybercrime (Workshop)
04 A-Z of Fraud & Cybercrime (Workshop)04 A-Z of Fraud & Cybercrime (Workshop)
04 A-Z of Fraud & Cybercrime (Workshop)#TheFraudTube
 
03 Member Spotlight (Virgin Media)
03 Member Spotlight (Virgin Media)03 Member Spotlight (Virgin Media)
03 Member Spotlight (Virgin Media)#TheFraudTube
 
01 Welcome & Introductions - FCF 15th July 2014
01 Welcome & Introductions - FCF 15th July 201401 Welcome & Introductions - FCF 15th July 2014
01 Welcome & Introductions - FCF 15th July 2014#TheFraudTube
 
The Fraud & Cybercrime Forum from #TheFraudTube: Agenda 15th July 2014, London
The Fraud & Cybercrime Forum from #TheFraudTube: Agenda 15th July 2014, LondonThe Fraud & Cybercrime Forum from #TheFraudTube: Agenda 15th July 2014, London
The Fraud & Cybercrime Forum from #TheFraudTube: Agenda 15th July 2014, London#TheFraudTube
 
FCF June 2014 - 02 fraud facts 2 p securing board level support for anti fra...
FCF June 2014 - 02 fraud facts 2 p securing board level support for anti fra... FCF June 2014 - 02 fraud facts 2 p securing board level support for anti fra...
FCF June 2014 - 02 fraud facts 2 p securing board level support for anti fra...#TheFraudTube
 
FCF June 2014 - 00 fcf agenda 19th may 2014
FCF June 2014 - 00 fcf agenda 19th may 2014 FCF June 2014 - 00 fcf agenda 19th may 2014
FCF June 2014 - 00 fcf agenda 19th may 2014#TheFraudTube
 

Plus de #TheFraudTube (20)

09 bis 15-34_provisional_implementation_plan_for_parts_7_and_8_of_sbee
09 bis 15-34_provisional_implementation_plan_for_parts_7_and_8_of_sbee09 bis 15-34_provisional_implementation_plan_for_parts_7_and_8_of_sbee
09 bis 15-34_provisional_implementation_plan_for_parts_7_and_8_of_sbee
 
FCF 5th Feb 2015 06 - Safer Jobs
FCF 5th Feb 2015 06 - Safer JobsFCF 5th Feb 2015 06 - Safer Jobs
FCF 5th Feb 2015 06 - Safer Jobs
 
FCF 5th Feb 2015 04 - FDB Tech
FCF 5th Feb 2015 04 - FDB TechFCF 5th Feb 2015 04 - FDB Tech
FCF 5th Feb 2015 04 - FDB Tech
 
FCF 5th Feb 2015 03 - Local Authority Fraud
FCF 5th Feb 2015 03 - Local Authority FraudFCF 5th Feb 2015 03 - Local Authority Fraud
FCF 5th Feb 2015 03 - Local Authority Fraud
 
FCF 5th Feb 2015 02 - Landscape of Alcohol Fraud
FCF 5th Feb 2015 02 - Landscape of Alcohol FraudFCF 5th Feb 2015 02 - Landscape of Alcohol Fraud
FCF 5th Feb 2015 02 - Landscape of Alcohol Fraud
 
FCF 5th Feb 2015 01 - Welcome & Introductions
FCF 5th Feb 2015 01 - Welcome & IntroductionsFCF 5th Feb 2015 01 - Welcome & Introductions
FCF 5th Feb 2015 01 - Welcome & Introductions
 
The Fraud & Cybercrime Forum: Agenda 5th Feb 2015
The Fraud & Cybercrime Forum: Agenda 5th Feb 2015The Fraud & Cybercrime Forum: Agenda 5th Feb 2015
The Fraud & Cybercrime Forum: Agenda 5th Feb 2015
 
00 FCF Agenda 15th July 2014
00 FCF Agenda 15th July 201400 FCF Agenda 15th July 2014
00 FCF Agenda 15th July 2014
 
10 fraud bribery-and_money_laundering_offences_-_definitive_guideline
10 fraud bribery-and_money_laundering_offences_-_definitive_guideline10 fraud bribery-and_money_laundering_offences_-_definitive_guideline
10 fraud bribery-and_money_laundering_offences_-_definitive_guideline
 
09 pdf show-240
09 pdf show-24009 pdf show-240
09 pdf show-240
 
07 FCF Resources 15th July 2014
07 FCF Resources 15th July 201407 FCF Resources 15th July 2014
07 FCF Resources 15th July 2014
 
06 Minutes - FCF May 2014
06 Minutes - FCF May 201406 Minutes - FCF May 2014
06 Minutes - FCF May 2014
 
05 Identity Theft (C6)
05 Identity Theft (C6)05 Identity Theft (C6)
05 Identity Theft (C6)
 
04 A-Z of Fraud & Cybercrime (Workshop)
04 A-Z of Fraud & Cybercrime (Workshop)04 A-Z of Fraud & Cybercrime (Workshop)
04 A-Z of Fraud & Cybercrime (Workshop)
 
03 Member Spotlight (Virgin Media)
03 Member Spotlight (Virgin Media)03 Member Spotlight (Virgin Media)
03 Member Spotlight (Virgin Media)
 
02 Easy Solutions
02 Easy Solutions02 Easy Solutions
02 Easy Solutions
 
01 Welcome & Introductions - FCF 15th July 2014
01 Welcome & Introductions - FCF 15th July 201401 Welcome & Introductions - FCF 15th July 2014
01 Welcome & Introductions - FCF 15th July 2014
 
The Fraud & Cybercrime Forum from #TheFraudTube: Agenda 15th July 2014, London
The Fraud & Cybercrime Forum from #TheFraudTube: Agenda 15th July 2014, LondonThe Fraud & Cybercrime Forum from #TheFraudTube: Agenda 15th July 2014, London
The Fraud & Cybercrime Forum from #TheFraudTube: Agenda 15th July 2014, London
 
FCF June 2014 - 02 fraud facts 2 p securing board level support for anti fra...
FCF June 2014 - 02 fraud facts 2 p securing board level support for anti fra... FCF June 2014 - 02 fraud facts 2 p securing board level support for anti fra...
FCF June 2014 - 02 fraud facts 2 p securing board level support for anti fra...
 
FCF June 2014 - 00 fcf agenda 19th may 2014
FCF June 2014 - 00 fcf agenda 19th may 2014 FCF June 2014 - 00 fcf agenda 19th may 2014
FCF June 2014 - 00 fcf agenda 19th may 2014
 

Dernier

Marketing Management 16th edition by Philip Kotler test bank.docx
Marketing Management 16th edition by Philip Kotler test bank.docxMarketing Management 16th edition by Philip Kotler test bank.docx
Marketing Management 16th edition by Philip Kotler test bank.docxssuserf63bd7
 
Information Technology Project Management, Revised 7th edition test bank.docx
Information Technology Project Management, Revised 7th edition test bank.docxInformation Technology Project Management, Revised 7th edition test bank.docx
Information Technology Project Management, Revised 7th edition test bank.docxssuserf63bd7
 
Beyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentBeyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentNimot Muili
 
Persuasive and Communication is the art of negotiation.
Persuasive and Communication is the art of negotiation.Persuasive and Communication is the art of negotiation.
Persuasive and Communication is the art of negotiation.aruny7087
 
internship thesis pakistan aeronautical complex kamra
internship thesis pakistan aeronautical complex kamrainternship thesis pakistan aeronautical complex kamra
internship thesis pakistan aeronautical complex kamraAllTops
 
Safety T fire missions army field Artillery
Safety T fire missions army field ArtillerySafety T fire missions army field Artillery
Safety T fire missions army field ArtilleryKennethSwanberg
 
International Ocean Transportation p.pdf
International Ocean Transportation p.pdfInternational Ocean Transportation p.pdf
International Ocean Transportation p.pdfAlejandromexEspino
 
How Software Developers Destroy Business Value.pptx
How Software Developers Destroy Business Value.pptxHow Software Developers Destroy Business Value.pptx
How Software Developers Destroy Business Value.pptxAaron Stannard
 
The Psychology Of Motivation - Richard Brown
The Psychology Of Motivation - Richard BrownThe Psychology Of Motivation - Richard Brown
The Psychology Of Motivation - Richard BrownSandaliGurusinghe2
 
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot ModelGautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNitya salvi
 
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siliguri
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime SiliguriSiliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siliguri
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siligurimeghakumariji156
 
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professionalW.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professionalWilliam (Bill) H. Bender, FCSI
 
digital Human resource management presentation.pdf
digital Human resource management presentation.pdfdigital Human resource management presentation.pdf
digital Human resource management presentation.pdfArtiSrivastava23
 

Dernier (14)

Marketing Management 16th edition by Philip Kotler test bank.docx
Marketing Management 16th edition by Philip Kotler test bank.docxMarketing Management 16th edition by Philip Kotler test bank.docx
Marketing Management 16th edition by Philip Kotler test bank.docx
 
Information Technology Project Management, Revised 7th edition test bank.docx
Information Technology Project Management, Revised 7th edition test bank.docxInformation Technology Project Management, Revised 7th edition test bank.docx
Information Technology Project Management, Revised 7th edition test bank.docx
 
Beyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentBeyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable development
 
Persuasive and Communication is the art of negotiation.
Persuasive and Communication is the art of negotiation.Persuasive and Communication is the art of negotiation.
Persuasive and Communication is the art of negotiation.
 
internship thesis pakistan aeronautical complex kamra
internship thesis pakistan aeronautical complex kamrainternship thesis pakistan aeronautical complex kamra
internship thesis pakistan aeronautical complex kamra
 
Safety T fire missions army field Artillery
Safety T fire missions army field ArtillerySafety T fire missions army field Artillery
Safety T fire missions army field Artillery
 
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTECAbortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
 
International Ocean Transportation p.pdf
International Ocean Transportation p.pdfInternational Ocean Transportation p.pdf
International Ocean Transportation p.pdf
 
How Software Developers Destroy Business Value.pptx
How Software Developers Destroy Business Value.pptxHow Software Developers Destroy Business Value.pptx
How Software Developers Destroy Business Value.pptx
 
The Psychology Of Motivation - Richard Brown
The Psychology Of Motivation - Richard BrownThe Psychology Of Motivation - Richard Brown
The Psychology Of Motivation - Richard Brown
 
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot ModelGautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siliguri
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime SiliguriSiliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siliguri
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siliguri
 
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professionalW.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
 
digital Human resource management presentation.pdf
digital Human resource management presentation.pdfdigital Human resource management presentation.pdf
digital Human resource management presentation.pdf
 

08 pdf show-239

  • 1. FRAUD FACTS Issue 23 June 2014 INFORMATION FOR ORGANISATIONS Bring your own device (BYOD) policies Organisations are increasingly allowing staff to connect to their corporate network using their own personal devices. This factsheet highlights some of the security issues that should be considered and safeguarded against when adopting such an approach. individual and/or department with sufficient authority, such as a director or senior manager within the IT department. Communicating your policy All staff, contractors, consultants and freelancers should be made aware of your BYOD policy. Actively and regularly promote the policy to staff throughout the organisation – irrespective of grade, position or length of service. Reviewing your policy Technology changes rapidly. It is essential that you review your BYOD policy regularly to ensure that it remains relevant and effective. Key security considerations Before introducing a BYOD policy it is important that your business has well-managed and appropriate information security policies and procedures in place. Consider the legal risks and seek advice from an IT, data protection or other suitably qualified professional where appropriate. Key issues to be considered are outlined below. Help and support Technical support may be required when staff connect to the network using their own device. This could involve activating desktop security settings (eg, screen lock), encryption and firewalls, installing remote desktop clients and a Virtual Private Network (VPN) connection. Publish a list of supported devices and the security steps that staff must take for each device. All staff should access the network using a unique username and a strong password. Introduction Organisations are increasingly allowing staff to connect to their corporate network using their personally owned electronic devices. Such an approach can be advantageous, boosting productivity and enabling staff to work while travelling or away from their desk. However, businesses should be aware that there are important security issues around the use of personal devices for work purposes, and these need to be carefully considered and safeguarded against. Some of the risks associated with allowing staff to use their personal devices for work purposes include (but are not limited to): • loss or theft of staff-owned personal devices that contain business information; • inadequate controls for unauthorised programs (such as apps, instant messaging, file sharing and ‘paste bins’) which may result in accidental data leakage and security vulnerabilities (malware); • deliberate and/or malicious theft of business information and intellectual property; • non-compliance or breaches of applicable laws, regulations and/or business policies (such as data protection and Payment Card Industry Data Security Standards); and • insurance and IT security policies may become more complex and costly to manage. In addition, it can be very difficult to tell staff what they can and cannot do with their own devices in their own time. What is a BYOD policy? A ‘Bring Your Own Device’ (BYOD) policy sets the standards, procedures and restrictions applicable to staff who use their personally owned devices to connect to the corporate network from home, at work or while travelling for business purposes. It aims to protect your business (and your staff) from accidental and deliberate information security breaches. An effective BYOD policy should be simple, concise and easily understood. As a minimum it should explain: • who the policy applies to (eg, staff, contractors/consultants/freelancers); • which devices can be used (eg, laptops, tablets, smartphones); • what services and/or information (data) can be accessed (eg, email, calendars, contacts); • the responsibilities of the employer and staff member (including for security measures that need to be adopted); • which applications (apps) can/cannot be installed (eg, for social media browsing, sharing or opening files etc); • what help and support is available from IT staff; and • the penalties for non-compliance (eg, privilege revocation and other disciplinary procedures). Before staff are allowed to use their personal devices for work purposes they should agree to adhere to the requirements set out in the BYOD policy. Whom should it cover? Your policy should cover all full- and part-time staff who want to use their personal devices to access business systems and information. It should also cover consultants, contractors and freelancers. Designating responsibility Designate oversight for the policy to an
  • 2. Sign-off procedure Ensure each BYOD device is compliant with security policies before granting network access. Decide how this is done: either face to face or through the use of remote access technology. Ask staff to agree to various security provisions during the sign-off process (such as secure wipe settings). Make it mandatory for staff to report lost or stolen personal devices and any suspected data breaches immediately to your IT/data protection department who can instigate actions to remotely wipe or protect the loss of business data. Data classification Categorise business information into public (eg, press releases), internal (eg, contact lists) and confidential data (eg, client or customer data). Use controls to limit the opportunities for confidential data loss by linking classification to your information and network security policies. Information security All staff should be asked to sign a security policy that prohibits the retention of confidential business data on personal devices (whether encrypted or decrypted). Limit staff access to data to a ‘need to know’ basis. Link your BYOD policy to your Acceptable Use Policy (AUP) which asks staff not to connect to unacceptable, objectionable or illegal websites or engage in inappropriate behaviour through a VPN connection made accessible via a personal device (eg, using social media to post abusive content). Where possible, block access to high-risk websites via the VPN by using firewall accept and deny rules. Consider including in employment contracts the disciplinary action that will be taken for policy breaches. Always act on advice published by the Information Commissioner’s Office (ICO) when reviewing security policies. Data protection must be taken seriously by all concerned. Remember: your business must never have access to any personal data stored on a BYOD device. Network security Ideally staff should access business resources through a virtual desktop that prohibits the download of any document to their personal hard drive. Personal devices should be considered ‘untrusted’ and given limited access to network resources. This can be done using Dynamic Host Configuration Protocol (DHCP). Access to limited network resources and data can be granted to untrusted devices through network separation and firewall rules. Security management Changes to network security policies may result in new vulnerabilities. Make sure that remote and virtual desktop applications are monitored and regularly patched. Critical security holes should be patched on a risk-sensitive basis (including a zero-day fix rule for emergency updates). All personal devices will need security management, vulnerability scanning and updates as required. Leavers policy Ensure your staff leavers policy allows your IT department to retain a copy of all business-related email communications and documents created by the leaver, whilst ensuring no copies are retained by any individual or personal device (eg, by performing an ‘exit’ wipe). Network access should be revoked immediately. Unless your business retains full control over security settings this may be challenging. Hallmarks of an effective policy DO: 4 Make staff and consultants aware of your BYOD policy. Actively and regularly promote it throughout the organisation to staff – irrespective of grade, position or length of service. 4 Require staff to set a strong PIN or password on the device. Passwords should contain a combination of letters, numbers and other characters, and be difficult to guess. 4 Ensure that you have the right to wipe the content on devices that are lost or stolen. Provide guidance for staff on how to back up their personal content so that it can be restored to a new device. 4 Designate responsibility for oversight of your BYOD policy to an individual and/or department with sufficient authority. 4 Review the policy on a regular basis. Update it to reflect technological advances and changes to business activities. DO NOT: 7 Expect staff to be aware of the policy without telling them it exists. 7 Introduce a BYOD policy and fail to follow up on it. 7 Expect that the existence of a policy alone is enough to prevent fraud or loss of business information. Further information See our separate fraud factsheets on Cloud Computing, and An Introduction to Fraud Risk Management for more information. Fraud Advisory Panel www.fraudadvisorypanel.org Get Safe Online www.getsafeonline.org Information Commissioner’s Office www.ico.org.uk PCI Security Standards Council www.pcisecuritystandards.org Fraud Advisory Panel, Chartered Accountants’ Hall, Moorgate Place, London EC2R 6EA. Tel: 020 7920 8721, Fax: 020 7920 8545, Email: info@fraudadvisorypanel.org. Company Limited by Guarantee Registered in England and Wales No. 04327390 Registered Charity No. 1108863 © Fraud Advisory Panel 2014 All rights reserved. If you want to reproduce or redistribute any of the material in this publication, you should first get the Fraud Advisory Panel’s permission in writing. The Fraud Advisory Panel and the contributors will not be liable for any reliance you place on the information in this Fraud Facts. You should seek independent advice. www.fraudadvisorypanel.org The Fraud Advisory Panel gratefully acknowledges as the main contributor Seona Devaney (Frisk Online) in the preparation of this Fraud Facts. Distributed by www.thefraudtube.com 27052014 FRAUD FACTS Issue 23 June 2014