Bring Your Own Device (BYOD) systems can be an amazing tool for businesses or schools looking to increase productivity and reduce cost. According to a study by Forbes, 42 percent of those who use their own devices at work say their efficiency and productivity have improved. More so, a study done by Cisco estimated that organizations save an estimated $3,150 per employee per year with BYOD. Also include here that it can save organizations a lot of money, as the alternative of managing your own devices can cost a ton (purchasing devices, maintenance & staffing, MDM licenses…etc)
But before you scramble to start a BYOD program, you need to be ready to handle the responsibility of having potentially thousands of devices logging on to your wireless network. Onboarding users effectively,efficiently, and safely is of the utmost importance and can be done relatively easily if the following practices are utilized.
Choose WPA2-Enterprise Network
Your first step is choosing a viable network type; for any BYOD system, the industry standard is a WPA2-Enterprise network. Deploying WPA2-Enterprise network requires a RADIUS server, which securely handles the task of authenticating network users access.
The downside of using a WPA2-Enterprise Network is it can require more involvement to successfully onboard new users. A common mistake that we see are organizations having new users follow a set of predetermined instructions to join a network, but human error can easily lead to poor user experience, or worse, put an entire network at risk. Luckily, SecureW2 can provide configuration software for organizations who aim to make security a priority.
Choose an Effective Authentication Method
Unfortunately, choosing a WPA2-Enterprise network does not necessarily make your network secure. Often we find that users aren’t configuring their devices properly for Server Certificate Validation, which can leave users vulnerable to fake access points and Man-in-the-Middle Attacks that trick users into giving away their credentials.
The authentication method that is most highly recommended is an EAP-TLS protocol. This first-rate authentication method authenticates a device’s certificate or credentials in an EAP tunnel, protecting it from over-the-air credential theft attacks. Once a user onboards on a network utilizing EAP-TLS, the risk of connecting to an illegitimate network becomes virtually nonexistent.
Don’t Rely On Manually Configuring Devices
Reducing user-error whenever possible is paramount to having a successful BYOD system. Relying on the user to properly configure manually can potentially compromise the entire network should they fall victim to a man-in-the-middle attack.
This type of nightmare situation can be put out of mind through the use of an automated solution. Automating the onboarding process is much easier on the IT admin and end users. End users now can correctly configure the secure wireless network with just a few clicks, virtually eliminating any misconfiguration security risks.
SecureW2 has spent years developing state-of-the-art onboarding technology ensuring every device on the network is correctly configured for WPA2-Enterprise. Using the tools SecureW2 provides, you can successfully and safely implement a BYOD network that can maximize your companies productivity.
SecureW2 offers affordable options for organizations of any size to start a BYOD system. Click here to inquire about pricing.
*** This is a Security Bloggers Network syndicated blog from SecureW2 authored by Eytan Raphaely. Read the original post at: https://www.securew2.com/blog/3-best-practices-for-onboarding-byods/