Bring your own device (BYOD) is the practice of allowing employees to use their personal mobile devices in the workplace. According to ZDNet, at least 44% of organizations allow BYOD now and another 18% plan to be on board by the end of this year.
BYOD has plenty of pros:
- Cost effectiveness – businesses see obvious cost savings because employees purchase and maintain their own devices. A less evident benefit is that staff members are likely to be more careful with their personal devices, which saves maintenance and replacement costs.
- Increased productivity – allowing employees to work on their own devices from anywhere could translate to a more efficient workforce.
So, of course, there must be some cons.
- Data Security – rogue cloud users, unregulated third-party apps, disgruntled former employees and similar issues are all potential threats to an organization’s sensitive data.
- Physical Security – small mobile devices such as tablets and smartphones can easily be lost or stolen, potentially giving the ‘finder’ access to your corporate network and sensitive company data.
- Compatibility Issues – Android, iOS, BlackBerry and Microsoft Windows Mobile are just a few of the current platforms. With all the possibilities out there (not to mention what could be coming down the pike), devices brought by workers are likely to face compatibility issues.
- Legality Issues – organizations that are subject to compliance rules such as HIPAA must observe these restrictions at all times.
What any company considering sticking its big toe into the BYOD waters needs is a well-defined, clearly written and easily enforceable BYOD policy. Most large corporations have likely addressed this issue, but it is imperative that all organizations, regardless of size, consider implementing a policy.
So you need a clear, concise policy that all employees will sign on to. What should this policy address?
- List allowable and restricted devices and platforms. Prohibiting access by devices that do not meet some standard of security requirements is imperative. If possible, IT should inspect individual devices to ensure they haven’t been jailbroken or rooted, which compromises security.
- List mandatory and prohibited applications. Include a list of safe applications that would be beneficial to an employee’s productivity and the organization’s security. Defining those applications that could carry a security risk is also wise.
- Clearly define which employees (or groups of employees) will be allowed to use their own devices. For example, those employees who spend a vast majority of their work hours outside the office or facility will be granted permission, while those traditional in-house workers are restricted.
- List mandatory security measures. Requiring multi-layer password protection and use of data encryption will help. Some organizations require the use of an app like Divide, which separates work and personal desktops on mobile devices. This can add another layer of security.
- Financial considerations should be defined. For example, who pays for repairs should a device become damaged while in use for business purposes? Who pays for voice and data charges?
- Clearly state the consequences of violating the organization’s BYOD policy.
Consider hiring an IT consultant with knowledge and experience in mobile technologies to help you understand the pitfalls of BYOD and how to avoid them.