Having an effective BYOD policy has become an essential part of doing business today. Two-thirds of employees now use their own devices at work regardless of their company’s BYOD policy, a Microsoft study found. And the BYOD market will continue to increase over the next few years.

This increased BYOD adoption brings with it new security challenges for businesses. Every employee device on a network increases the risk of a lost or stolen device, use of an unsecured connection, downloading a malicious app and other risks. But few companies are addressing these increased risks as they lack a signed BYOD policy.

Exposing your company to this unnecessary risk can be avoided by implementing a secure BYOD policy. Here are four keys to making sure you have a BYOD policy that keeps your company’s data and finances secure.

Secure employee devices

Lost and stolen devices are the leading cause of business network breaches, accounting for 25.3 percent of data breaches since 2006. This makes securing employee devices an essential part of an effective BYOD policy. The best way to make sure employee devices are secured is to require employees to use strong security login settings.

A passcode or password should be a minimal requirement. Biometric identification methods such as fingerprints and facial recognition can add strengthened security. Biometric authentication methods are only as secure as the sensors and input methods used to collect the authenticating information.

Make use of cutting-edge devices with mobile processors like those from Qualcomm. The Snapdragon series includes its own security suite that employs camera security technology to make sure that only the authorized user can access the device’s information.

In the event that an employee device is lost or stolen, or in case an employee leaves the company, you should employ a mobile device management (MDM) solution so that you can remotely lock or wipe devices. Android and Apple offer MDM apps for their devices, or you can use an advanced MDM solution such as MobileIron Advanced Management, which provides a central console you can use to manage remote devices.

Use secure networks

An employee device can become compromised by connecting to an unsecured network, such as a public Wi-Fi network. Requiring employees to use secured networks can safeguard against this vulnerability. Implement a policy that requires employees to connect through an encrypted virtual private network (VPN), a private Wi-Fi network or a tethered phone network.

For more advanced network protection, you can use a solution that allows you to create unique security profiles for individual employees. For instance, Cisco Identity Services Engine lets you customize access based on the type of user and device, user location and time of day.

Require approved apps

Mobile apps containing malicious code cause the greatest concern for IT professionals. Employees can introduce malicious code by downloading apps from unauthorized sites or by jailbreaking devices.

To reduce this risk, prohibit employees from using jailbroken devices, and use a mobile application management (MAM) system to control which apps are allowed on your network. For example, Citrix XenMobile lets your organization set up your own app store, from which employees can download approved apps.

Use encryption and containerization

Unsecure data is an inviting target for cyber thieves. Using encryption can make it mathematically almost impossible for hackers to access your data. Encryption is activated by default on iPhone devices when you set up a PIN code or password. On Android devices, encryption can be enabled under device security settings.

You can further protect data by partitioning company data off from personal data, a security strategy known as containerization. You can implement containerization on employee devices by using a mobile content management (MCM) solution. Kaspersky Lab Security for Mobile includes containerization technology along with a suite of other security features.

A BYOD policy can benefit your company in many ways. Just make sure to take the above precautionary measures to get the most out of the policy and keep your company information safe.