Education facilities are almost in unanimous agreement that mobile device policies are important specifically when those mobile devices are not owned by the school. The most common rationale around writing a proper BYOD security policy includes:
-
Bringing about a compliance with standards and laws
-
Bringing about a greater awareness of threats
-
Enabling the mobility users (employee or student)
-
Protecting the organization’s sensitive information
-
Supporting IT innovation
-
Bringing about knowledge of changes in IT support strategy
Right now a common practice for BYOD users is a requirement for users to sign a user agreement. Signing a user agreement is good, but as an overall written policy simply isn’t enough when, for example, the question gets raised: how will this agreement be monitored? A proper completed policy outline should in some way include the following:
A Defined Outline of Financial Responsibilities:
Who is paying for the plans & devices?
Device Requirements
What are the minimum device requirements the school will allow? What types of devices are allowed to access the network? Which operating systems are supported?
Personal Data vs. Organizational Data
How will the personal data be stored and segmented in comparison to the organizational data? Will cloud based management be used? See also, “4 Dangers of Cloud Managed Wireless Solutions.”
Policy Education
How will employees or students be educated on said policies? Define a timeline for phased in educational approach of policies and deployments and make sure these questions are thought out appropriately: What do users need to know and when? What resources are needed to help educate and train? Who will implement training and stand behind consequences of broken policy agreements?
Support Capabilities
Determine all support capabilities and define specific roles for support staff: Are the implementations able to be self- supported? What role will the support staff play in help desk capabilities? Which services are required for help desk employees? What managed system needs to be implemented if support staff capabilities are not there?
Acceptable Use Policy
A defined Acceptable Use Policy and enforcement plan: A signed user agreement, as mentioned above, is essential and should be included in the policy standards and procedures. Include a defined list of consequences and clarified staff in place to enforce written rules.
A proper policy, when put in place, can be an integral step in mitigating risk as a school moving toward a BYOD solution. If your school is considering a BYOD implementation and you have questions or would like a free BYOD Readiness consultation, please contact us here. We have helped schools all over the country and our goal is to be a resource for you.
