5 Actions to Comply with NCSC’s New BYOD Rules

This article has been indexed from

The Duo Blog

We recently explored in the blog the National Cyber Security Center’s (NCSC) newly revised Cyber Essentials scheme, and how its specific post-pandemic “Bring Your Own Device” policies have led to some publications labeling the change “BYOD 2.0.” 

The NCSC has provided a lot of guidance regarding what it’s looking for from UK firms of all sizes and sectors. Because the changes are so vast — and because we like to share our own cybersecurity expertise with the market — in this blog we’re delving deeper into what you need to do to choose and implement the right solution, in the right way, using the five actions outlined by the NCSC as a starting point. 

1. Determine Your Objectives, User Needs and Risks

This action is all about asking a comprehensive list of BYOD readiness questions, including what business functions you need to achieve, what types of devices and platforms you intend to facilitate working from, and where BYOD devices will be used. Crucially at this stage, the NCSC also urges firms to take an honest view about just how long BYOD plans need to be in place, because “short-term solutions often start with the right intentions but can rapidly become long-term implementations that are not fit for purpose and difficult to remove.” 

Before we get to the NCSC’s second step, we want to provide additional guidance to ensure firms get the best possible start. It’s important for all firms to have an accurate understanding of the number of devices in their ecosystem. In our experience, it’s very common that it’s often double the amount they originally thought! 

Once all devices are known, you must understand the inventory and identify the status and vulnerabilities of devices without being intrusive to your users. Firms should consider a solution that collects only security information about devices – the less personal data collected, the better. An “agentless” approach to find out devices’ security posture is the best way to do this, as well as a solution that gives visibility of al

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: