To secure your network when employees use personal devices for remote work, mandate the use of a VPN for encrypted access and implement multi-factor authentication to strengthen identity verification. Deploy endpoint security solutions on their devices to guard against threats, and ensure all software is regularly updated and patched. Access to sensitive data should be controlled and monitored based on roles. Additionally, it's crucial to provide continuous cybersecurity awareness training to employees, educating them on potential threats like phishing and safe online practices.

I know this is a growing issue and the problem seems to be getting bigger. The use of personal devices on production networks is an area that I am still fully against. There are too many variables to control. BYOD connecting to non-production environments is OK, but these devices need to stay off of production networks unless you are using some type of Virtual Desktop or Enterprise browser. These solutions can be expensive, but the cost to manage and monitor personal devices is also expensive.

In the current era, considering the fact that any device connecting directly to a corporate network (Company owned or BYOD) is not safe, the best best is to implement a Gateway solution with Zero Trust policies implemented. The traffic is routed through https and not a direct VPN connection. This will not allow the device to be part of the corporate network directly but will allow to access internal components based on the role assigned to the user. The zero trust component will ensure predefined checks are done at the system level to ensure it is updated, encrypted, has AV, connected from a particular location and so on. BYOD should be considered as an added benefit where the security of organization data and user privacy is maintained.

To safeguard network security with personal devices for remote work: Device and Access Control Implement BYOD (Bring Your Own Device) policy Require device registration and approval Use Mobile Device Management (MDM) solutions Security Measures Encrypt data in transit and at rest Enforce strong passwords and 2FA Install company-approved antivirus software Network Protection Virtual Private Network (VPN) for secure access Segment network access with VLANs Monitor for suspicious activity Employee Education Provide security awareness training Establish clear usage guidelines Regularly update policies and procedures By implementing these measures, you can effectively protect your network from security risks associated with personal devices.

I would consider moving to a Zero-Trust network architecture where all services and servers are hardened, and trust nothing by default. This will strengthen the security position, even with trusted devices as all devices are treated as not trusted. VPN by default trusts the device (and thus the user) is secure and provides a wider attack surface