Government BYOD Guidelines Updated

Oct 07, 2014

The UK government’s National Technical Authority for Information Assurance (CESG) has updated its BYOD (Bring Your Own Device) guidance.

The organisation claims the revision was necessary due to the rapid increase in the use of mobile devices and the growth of remote and flexible working staff, where employees expect to be able to conduct business via their own technology equipment.

CESG urges organisations considering a BYOD policy to understand relevant legal issues, limit the information shared by devices, consider technical controls and plan for security incidents.

“The legal responsibility for protecting personal information is with the data controller, not the device owner,” claims the guidance document.

“The Information Commissioner’s Office (ICO) can compose fines of up to £500,000 for serious data breaches,” it adds.

CESG also recommends reading the ICO’S BYOD guidance, the Data Protection Act and the Employment Practices Code to ensure legal compliance.

Its document also highlights how personally owned mobile devices can often facilitate the easy and sometimes automatic sharing of data with other users and the cloud, claiming “this is a risk that needs to be managed.”

The guidance notes that technical services such as Mobile Device Management (MDM) can help with remote security, management and support of personally owned devices.

“Mobile Devices Are Always At Risk”

It also claims it is important to remember that mobile devices are lost, stolen and compromised every day and this can affect business data protection.

The document recommends that organisations should always act immediately to limit losses, prevent the spread of any compromise and learn lessons from the incident.

“Plan for and rehearse incidents where a personally owned device that has access to sensitive business information is lost, stolen or compromised,” it says.

“Ensure you are able to revoke access to business information and services quickly and understand how you will deal with any data remaining of the device.

“Consider using a remote wipe feature for business data,” it adds.

© 24N.biz 

byod / CESG / government / Mobile / public sector / security / Technology
Comments
No comments yet.

Comment

 

Understanding the risks and rewards of public sector cloud 

Download the Whitepaper now

Partner

Partners

24Newswire
Sign up to receive latest news

Twitter Feed

Why does pubsec ICT PR firm @MantisPR want to be at the upcoming #eventcentreUK THINK Digital Vendors 2016 event? https://t.co/3tE5o7aMmO
@24nbiz
Apr 01, 2016
@thinkdigicon supporter @Adv365 sets out its stall for tomorrow's landmark #gcloud event https://t.co/FQraJP2yyg
@24nbiz
Mar 21, 2016
@thinkdigicon supporter @Adv365 explains why it's supporting tomorrow's show https://t.co/2Wj3UECo9s
@24nbiz
Mar 21, 2016
@24n.biz: what's the final agenda for tomorrow's @thinkdigicon #gcloud @GOVUKdigimkt show? https://t.co/6CASi8lrnU
@24nbiz
Mar 21, 2016