Companies that allow employees to bring their own devices should use network access management techniques to stay out of legal trouble.
Some companies see allowing BYOD as an easy solution to device management headaches. But if your company allows BYOD, it means that users are connecting to the Internet and other corporate resources from their
At the very least, you should have users access a portal page before they connect to the Internet. On that portal page, you can set the terms and conditions of Internet usage. Your company's legal position is a lot better if the user has clicked an "I Agree" checkbox where he agrees not to be involved in illegal activity before connecting to the network.
But that isn't enough if you really want to prevent users from doing anything illegal. In addition to the portal page, consider other network access management methods. Ask yourself whether you really want to allow just anyone to access your network, or whether you would rather limit access to authenticated users only. The latter provides increased security. To make sure that only authenticated users access your infrastructure, it's a good idea to use an authentication page where users identify themselves. It would be even better to distribute an authentication code that expires after they have identified themselves.
Also make sure users know their activity can be traced back to them. A user who is aware that you can observe his actions will think twice before getting involved in anything illegal while on your network. If you need to provide network access to temporary users, distribute temporary accounts. There's nothing wrong with handing out accounts that expire after one day.
Network access management tools
After granting access to the network, it's still a good idea to implement some security. If the portion of the network that you let BYOD users access is a public zone or guest network, the security measures don't have to be as elevated. Typically, users can't access corporate servers from the part of the network you allocate to BYOD users anyway, so there's no need to add additional protection to the servers. But use network monitoring to scan for abnormal activity. A simple tool that identifies the most active devices might be enough to help you find users that are trying to do malicious things from their devices.
If you're looking for more in-depth information, consider a tool that scans network usage patterns, such as an intrusion detection system. Make sure to configure this tool so that you can easily pick out abnormal patterns, which helps you see when and if anything goes wrong with the security on your network.
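As an added illustration (not part of the original article), the following Python sketch shows the kind of simple tool described above that identifies the most active devices on a BYOD segment. The flow-record layout, the sample data, and the "five times the median" threshold are assumptions made for this example; the `user` column assumes each device is tied to an authenticated account so that activity can be traced back to a person.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed sample flow records for a guest/BYOD segment (not real traffic).
# Assumed columns: authenticated user, device MAC, destination IP, bytes sent.
SAMPLE_FLOWS = """user,mac,dst_ip,bytes
alice,aa:bb:cc:00:00:01,203.0.113.10,120000
alice,aa:bb:cc:00:00:01,203.0.113.11,80000
bob,aa:bb:cc:00:00:02,203.0.113.10,150000
carol,aa:bb:cc:00:00:03,198.51.100.5,90000
guest-0412,aa:bb:cc:00:00:04,198.51.100.7,4000000
guest-0412,aa:bb:cc:00:00:04,198.51.100.8,3500000
guest-0412,aa:bb:cc:00:00:04,198.51.100.9,3000000
dave,aa:bb:cc:00:00:05,203.0.113.10,110000
"""

def top_talkers(flow_csv, factor=5.0):
    """Rank devices by bytes sent; flag those above factor x the median."""
    totals = defaultdict(int)   # (user, mac) -> total bytes
    dests = defaultdict(set)    # (user, mac) -> distinct destination IPs
    for row in csv.DictReader(io.StringIO(flow_csv)):
        key = (row["user"], row["mac"])
        totals[key] += int(row["bytes"])
        dests[key].add(row["dst_ip"])
    if not totals:
        return []
    baseline = median(totals.values())  # typical per-device volume
    report = []
    for (user, mac), total in sorted(totals.items(), key=lambda kv: -kv[1]):
        report.append({
            "user": user, "mac": mac, "bytes": total,
            "destinations": len(dests[(user, mac)]),
            # The threshold is an assumption; tune it to your own network.
            "flagged": baseline > 0 and total > factor * baseline,
        })
    return report

if __name__ == "__main__":
    for entry in top_talkers(SAMPLE_FLOWS):
        mark = "REVIEW" if entry["flagged"] else "ok"
        print(f'{entry["user"]:<12}{entry["bytes"]:>10} bytes '
              f'{entry["destinations"]} dests  {mark}')
```

A flagged device is only a prompt for a closer look; a large software update can produce the same volume as misuse.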
This was first published in October 2013