When To Let Your Employees BYOD
The Bring Your Own Device (BYOD) phenomena blossomed when innovation for consumer technology products grew exponentially and eventually filtered down to business technology. Consumer products, such as smart phones, offer powerful mobile applications that make everyday communication, collaboration, and access to information faster and easier; it’s no wonder people wanted to harness these capabilities for their workplace.
Three Reasons You Should Implement A BYOD Policy
Your employees are most likely already using their own devices at work or for work purposes, and there’s no indication that this trend is going away, so having a BYOD policy in place is crucial.
The benefits of BYOD:
• Reduce Your Costs. A company that supplies devices for employees who work from home or frequently travel can be expensive. With an employee supplying their own devices, the cost of upgrading and maintaining hardware is no longer left to the company.
• Increase Your Employee Productivity. Employees are more familiar and comfortable with their own devices. If you provide them with a device that is completely different than the one they currently use, employees may genuinely not like it, resulting in a slower adoption of the device.
• Mitigate Risks. As I stated above, and as we’ve seen with the Hilary Clinton scandal, employees using they own device for work is going to happen, if it’s not already happening. By creating a specific BYOD policy, your company can have oversight and rules in place for those devices. Make it a policy where “if you want to use your personal device for work, you will have this antivirus, go through this BYOD training course, and have a password or key code lock at all times.”
What Should Be Included
A BYOD policy needs to have rules put in place that dictate how the devices can and cannot be used, and the consequences of not using them in an appropriate manner.
Your policy should include clauses pertaining to:
System updates should be made promptly when available because many updates hold patches for security issues or holes.
A statement describes who pays for what will help cover any gray areas and eliminate any problems that may arise. If the company pays for the phone and the monthly bill, then who pays for any minute or data overages, or for personal apps?
• Information and Data Transmissions
Detailed description of how work related information and data can be transmitted through the device. Can they only use work email, or is personal email okay? What about text, or other multimedia services that have very little oversight or security?
• Security two factor authentication
All devices need to have a key code or password to access, but so do work related applications and folders. Two factor authentication is key.
• Loss of device or termination of employee
If a device is lost, damaged, or stolen who will be liable, the company or the employee? Make sure to state that the company must be notified as soon as possible after an event like this, to ensure that the device is remotely wiped of all data. Also have a clause pertaining to the termination of the employee. What happens to the device and the data that is stored on it? Is there a process that must be followed?
Monitoring Your Policy
After creating your BYOD policy, you will need to monitor whether or not your employees are actually following it. Through a service, like Microsoft Office 365, you can set up controls that the employee has to agree to when they download email on their smart phones. These kinds of services can also allow the company to wipe the device remotely whenever needed, which is important if the device is ever lost or stolen.
Get A Policy Now
Every company needs a BYOD policy, even if the policy simply states that the use of personal devices is prohibited at work. By doing this you will be able to eliminate any possibility for confusion on where your company stands with personal devices and their use. This is extremely important for HIPAA or any other compliant companies.
You should evaluate your company’s stance on BYOD, and figure out the best policy for your staff to be happy while maintaining security, which can be done by determining the balance between cost, productivity, and risks that works best.
IT should not be a gatekeeper holding your company back from new technologies, it should be the resource that enables your staff to get their job done in an effective and efficient way.
Posted By: Casey Murdock, Director of IT Services