Jun 01 2020

Governing from Home: Best Practices for BYOD Agency Telework

State and local governments need a strategy built on the right policies and readily deployable tools to make remote work a success.

State and local governments across the country have moved to unprecedented full-time remote work over the past few months, migrating practically overnight from highly monitored networks to less secure home internet connections. This transformational shift in the way state and local governments operate creates a host of new security and risk management challenges. 

BYOD is a major concern. When government workers use devices for both personal and professional functions, sensitive work-related documents sit next to social media, messaging, games and potentially malicious third-party applications. It’s difficult to micromanage employee security practices on personal laptops or phones, even with the right policies in place.

As a result, state and local governments need a strategy built on the right policies and immediately implementable tools to provide secure remote access within their organizations.

To start, establish a clear BYOD and remote access policy by defining employee, manager and IT administration responsibilities. IT teams should also begin with an assessment of security tools as well as the technology infrastructure to ensure the most secure and appropriate technologies are used. Selecting technologies that have security built in versus added on can lower risk while protecting data. When developing your organization’s policy, industry guidance such as the National Institute of Standards and Technology’s framework for telework can help. 

Communication is also key. Keep employees informed about best practices, including new updates to operating systems and approved applications, such as web browsers, email clients, instant messaging clients and security software. 

Educate workers on ways to keep their devices safe, like controlling device access by setting a unique PIN and automatically locking a device after an idle period. Networking capabilities, such as Bluetooth and near-field communication, should also be disabled except when needed.

Essential Tools for Telework Success

Despite the best policies, human error is inevitable. To help protect users, the right tools are essential to provide secure remote access within an organization.

VPN: A VPN-protected connection is among the simplest yet most essential BYOD security solutions. A VPN connection is encrypted and cannot be easily intercepted or undermined. With an efficient VPN platform in use, a threat will only arise if the authorization data for the VPN software solution is compromised.

Remote Desktop Protocol: Another way to let your BYOD workforce connect to your organization remotely is via Remote Desktop Protocol (RDP). RDP involves desktop sharing: Users connect directly to another machine rather than simply connecting to a private network. RDP should be used in conjunction with a VPN to minimize security risk.

Cloud: A third alternative to enable all-around availability of BYOD solutions for employees is to leverage a secure cloud platform. Organizations can pick from various cloud solutions to establish a remote digital organization’s environment. A multicloud approach offers increased security and greater flexibility, transparency and scalability for public sector agencies. In order to minimize cloud computing security risks, enable two-factor authentication and consider the use of hardware tokens.

Mobile Device Management: Where practical, MDM will allow you to place controls on end-user devices and segment business data and use from personal data and use. It’s also important to establish and enforce tiered levels for remote access based on role and least privilege principles and require multifactor authentication for enterprise access. 

READ MORE: Find out how state CIOs think their operations will evolve. 

How to Make a BYOD Policy Work

The foundation of the IT security program for BYOD requires instilling zero-trust policies that clearly define what is safe, secure and permissible. This won’t happen overnight, but it’s important to begin implementing a remote work plan to improve security in the long term. 

For a policy to work, IT must deliver the right solution from the remote endpoint to the data center to the cloud and back. A comprehensive security policy needs to protect devices, networks and storage for a seamless user experience. Above all, it needs to protect the data no matter where it resides. 

During this unprecedented period of extended telework, a security and risk management plan for remote employees — and immediate steps an organization can take — are mission-critical. A careful execution of these procedures will bolster the security posture of the BYOD workforce to mitigate the risks associated with telework for government employees.

Hiraman/Getty Images