FBI Portland
Beth Anne Steele
(503) 460-8099
March 3, 2020

Oregon FBI Tech Tuesday: Building a Digital Defense with BYOD

The FBI has launched the “Protected Voices” initiative to help 2020 political campaigns and American voters protect against online foreign influence operations and cyber security threats. The Protected Voices campaign includes information and guidance from the FBI, the Department of Homeland Security, and the Office of the Director of National Intelligence.

This FBI Portland Tech Tuesday report is adapted from the Protected Voices initiative with a focus on providing cyber security information to political campaigns as well as businesses and individuals in Oregon. More information on all aspects of the initiative, including video downloads, can be found at www.FBI.gov/ProtectedVoices.

Welcome to the Oregon FBI’s Tech Tuesday segment.

This week: building a digital defense when BYOD is the name of the game.

Whether you are running a business, a non-profit, or a political campaign, sometimes you can’t help but allow your employees and volunteers to BYOD—Bring Your Own Device.

Ideally, personal devices wouldn't be used, but sometimes this can’t be helped. If your organization uses personal devices, start by establishing a written “bring your own device” policy.

BYOD provisions should include installing special safeguards on personal devices to ensure protection against malware; full disk encryption—meaning all data on the device is encrypted; remote wiping of the device, in case it gets lost or stolen; and the ability to implement the timeliest updates.

Devices should also include lockout features for excessive incorrect login attempts and default passwords and usernames should be changed.

Another way to keep your organization’s communications private is to use an encrypted app for secure messaging. You can easily find reputable, secure group messaging apps with a little research. If you use a secure messaging app to harden your communications, encourage all of your staff to also use that same app.

BYOD provisions are often called ‘endpoint protections’ because they’re designed to protect the devices furthest outside of a network—the endpoints. A reputable endpoint protection vendor will be able to give you a solution that also has the ability to monitor whether devices are remaining compliant.

Finally, create an incident response plan in case any of these protections fail—and review our video on incident response for some tips on drafting a plan at www.fbi.gov/protectedvoices

Having a plan and resources in place beforehand can be critical to minimizing or preventing harm when a crisis does hit.

Remember your voice matters, so protect it. Go to www.FBI.gov/ProtectedVoices for more information.