Answer yes if your organisation has a process and technical solution that allows any lost or compromised laptop device to be remotely wiped.
If your organisation allows employees to access company data or services using BYOD endpoint devices, those devices must be protected with technical security controls before access is granted. This is typically achieved through Mobile Device Management (MDM) or similar technologies that can enforce policies on personal devices.
From a security perspective, the key controls include:
Requiring a PIN or biometric-based lock with a reasonable lockout time;
Ensuring all devices are encrypted;
Allowing company data to be remotely wiped if a device is lost or stolen;
Controlling the download and installation of applications;
Controlling the transfer of company data on and off the device, and between secure and non-secure areas on the device.
These controls can often be enforced using third-party MDM/UEM software or through built-in capabilities within enterprise platforms such as Microsoft 365 and Google Workspace.
There are a number of ways to enforce technical security controls on endpoint devices, including those owned by employees (BYOD).
Many enterprise platforms (e.g. Microsoft 365 and Google Workspace) include built-in Mobile Device Management (MDM) features that allow you to enforce policies such as screen locks, encryption, application controls, and the ability to remotely wipe company data if a device is lost or stolen.
If your existing platforms do not support these capabilities, you can use a third-party MDM/UEM solution to manage and secure both company-owned and employee-owned devices across your environment.