10 ways to meet BYOD security requirements
1. Review your current security policies for web applications (CRM, email, portals), VPN and remote access. Most, if not all, of these will apply to mobile devices as well.
2. Determine which devices you are willing to support — not all devices meet the security requirements of your healthcare organization, nor do you want to have to test all possible platforms. Also, physically inspect each device and make sure it hasn’t been jailbroken or rooted.
3. Set expectations clearly. IT may have to radically change physicians’ mindsets. Yes, security adds additional layers to wade through, but what havoc would a security breach cause?
5. Make a personal identification number, or other client authentication, mandatory. This hampers ease of use, but is the first line of defense against a lost device.
6. Enforce encryption of data at rest; any apps that download and store data on the device should protect that data. If a PIN or passcode is cracked, you want to make sure that data is still protected.
7. With hundreds of thousands of apps available, which will you permit? Are there any specific applications or class of applications you want to keep off the device? This can be hard to do, but malware and rogue apps can do serious damage without users realizing it.
8. Provide training to physicians and hospital staff to make sure they understand how to correctly use their applications, make the most of their mobile capabilities and watch for suspicious activity. Once you’ve embraced BYOD, promote it.
9. As mobile devices become conduits for information to flow, look for apps that include auditability, reporting and centralized management. Many current apps will not have this feature, but those that do will be easier to trace back any potential breaches.
10. Consider mobile device management software that can provide secure client applications like email and web browsers, over the air device application distribution, configuration, monitoring and remote wipe capability. Note that some MDM providers require applications to be re-written specifically to support their platform, so you may find some of your applications will not run in the MDM solution you pick.
via Becker’s Hospital Review