How to Plan a BYOD Security Policy for Schools
Education facilities are almost in unanimous agreement that mobile device policies are important specifically when those mobile devices are not owned by the school. The most common rationale around writing a proper byod security policy includes:
Bringing about a compliance with standards and laws
Bringing about a greater awareness of threats
Enabling the mobility users (employee or student)
Protecting the organization’s sensitive information
Supporting IT innovation
Bringing about knowledge of changes in IT support strategy
Right now a common practice for BYOD users is a requirement for users to sign a user agreement. Signing a user agreement is good, but as an overall written policy simply isn’t enough when, for example, the question gets raised: how will this agreement be monitored? A proper completed policy outline should in some way include the following:
A defined outline of financial responsibilities: Who is paying for the plans & devices?
What are the minimum device requirements the school will allow? What types of devices are allowed to access the network? Which operating systems are supported?
How will the personal data be stored and segmented in comparison to the organizational data? Will cloud based management be used? See also, “4 Dangers of Cloud Managed Wireless Solutions.”
How will employees or students be educated on said policies? Define a timeline for phased in educational approach of policies and deployments and make sure these questions are thought out appropriately: What do users need to know and when? What resources are needed to help educate and train? Who will implement training and stand behind consequences of broken policy agreements?
Determine all support capabilities and define specific roles for support staff: Are the implementations able to be self- supported? What role will the support staff play in help desk capabilities? Which services are required for help desk employees? What managed system needs to be implemented if support staff capabilities are not there?
A defined Acceptable Use Policy and enforcement plan: A signed user agreement, as mentioned above, is essential and should be included in the policy standards and procedures. Include a defined list of consequences and clarified staff in place to enforce written rules.
A proper policy, when put in place, can be an integral step in mitigating risk as a school moving toward a BYOD solution. If your school is considering a BYOD implementation and you have questions or would like a free BYOD Readiness consultation, please contact us here. We have helped schools all over the country and our goal is to be a resource for you.