The FBI’s Portland, Oregon office has published an advisory discussing best practices for organizations that have a “bring your own device,” or BYOD, policy. The advisory indicates that ideally personal devices wouldn’t be used, but acknowledging that they often are it recommends beginning by establishing a written BYOD policy. BYOD provisions should installing special safeguards on personal devices to ensure protection against malware; full disk encryption – meaning all data on the device is encrypted; remote wiping of the device, in case it gets lost or stolen; and the ability to implement the timeliest updates. Devices should also include lockout features for excessive incorrect login attempts and default passwords and usernames should be changed. Finally, it recommends creating an incident response plan in case any of these protections fail, pointing to a video from the FBI that contains tips on drafting a plan. Read the advisory at the FBI.