The Centre for the Protection of National Infrastructure has produced a collection of guidance notes on best practices for managing the risks that arise when employees use their own devices for work purposes. The notes complement existing guidance by the Information Commissioner’s Office on this topic.
The guidance focuses on how to design network architecture to prevent devices from accessing particularly sensitive data and on ensuring device security, while cautioning against overly stringent access controls that could give employees an incentive to find ways around them.
One of the guidance notes on architectural approaches contains examples of common scenarios faced by organisations with a ‘bring your own device’ policy and highlights the associated risks. These include the possibility of malicious code being transmitted from personal to corporate email accounts and the dangers of storing sensitive business emails in the cloud.