Over the last couple of years, there has been a great deal of discussion related to “bring your own device” or BYOD. Proponents cite increased productivity as a critical benefit, while opponents worry primarily about security risks. Some organizations have been shocked to discover that although they never conveyed a policy permitting employees to use their personal devices for business, many were doing so extensively. Considering that nearly all of your employees own a smartphone, laptop, tablet or other mobile device, creating a policy to guide you — and them — makes sound business sense.
- Step 1: Decide whether you will allow employees to bring their own devices. If you have specific reasons for banning BYOD, such as regulatory requirements or a wealth of proprietary data, you need to communicate to your employees that they cannot use their personal devices to access your network or cloud applications. If employees clearly understand that the practice is prohibited, they will be more likely to comply.
- Step 2: If you decide to support BYOD, assess potential risks. Employee devices could be lost or stolen, or the employee might engage in risky activities, such as downloading an infected app that could potentially introduce malware to your network. Based on your risk assessment, determine precisely which behaviors you will allow. For example, you might prohibit employees from storing files on their mobile devices or restrict the databases that employees can access.
- Step 3: You might need to consult your legal advisor to ensure that the wording in your policy is acceptable. Basically, you need to assert your ownership of the processes and data that employees access. You should retain a right to audit personal devices, either physically or remotely, but this can lead to some concerns over the employee’s right to privacy. You might consider using a mobile device management tool to allow you to scrub a lost or stolen device, apply authentication certificates or restrict the applications each device can access.
- Step 4: Write a policy in unambiguous terms that clearly communicate the rules that employees must follow. Perhaps you only want to support certain devices, such as laptops, or certain platforms, such as iOS. You should also include any specific approvals and restrictions, such as permitting employees to access their corporate email account, denying them access to human resources records or allowing them to access warehouse inventory levels.
Clearly communicating your BYOD policy — or stating that you do not permit the practice — is extremely important in today’s connected age. If you need more help with establishing or managing your BYOD policy, the team members at PhaseAlpha have the experience and knowledge to help. Our email is info@phasealpha.com, or you can reach us by phone at (913) 648-9200.