To BYOD, or Not to BYOD

Bring Your Own Device?

More and more firms are allowing the use of personal technology in the office. The “Bring Your Own Device” notion has pros and cons, but usage within North American firms is on the increase. If a firm chooses to get on the bandwagon, it is important to consider the implications.

For the employee, using a single device has a number of benefits. It allows the individual to use the device and platform they genuinely want. Personal users tend to upgrade more frequently than companies, so the individual has current technology, more often.

BYOD users are more satisfied. In the work environment, a BYOD policy may increase employee morale, productivity, access to employees and convenience. And it can help make firms look attractive to current and prospective employees. Interestingly, many employees are happy to pay for a device and data plan even though the phone or tablet is used for work. The net result for many firms is a decrease in overall telecommunications costs.

So while there are definitely benefits to the employee and the firm, a BYOD environment poses a risk to a firm’s data and network security.

The Risks

If employees use personal devices to access sensitive or proprietary information, the data may be at risk in instances of device theft or employee loss (especially to competition). Additionally, the exposure of a personal device to risky networks or files (i.e., viruses or malware) may increase chances of network security issues within the office.

There are also data-ownership considerations. If an employee uses a personal cell phone for work, it may contain sales contacts, proprietary information and documents, proprietary apps, or firm-licensed apps. If the phone or the employee is lost, the proprietary data is now contained on a device that is not within the control of the firm.

About BYOD Policy

Studies (see Good Technology’s link below) indicate that BYOD usage in the workplace is on the rise. A firm’s best option is to consider, design and implement a BYOD Policy that covers the important facets of personal device usage within the workplace. The policy should be informed by the specific business, sector and IT environment. Developed in conjunction with HR, the BYOD Policy should spell out what is expected of the employee and the employer, as well as information regarding the approved devices, available apps and the firm’s rights with regard to data.

Policy Basics

The following general categories outline some of the basic information that could be included in a BYOD Policy.

  • Protection: Outline the password, encryption and locking stipulations for personal devices.
  • Employee Responsibility: Develop regulations for device compliance, software updates, and specific security protocols.
  • Employer Responsibility: Outline responsibility for support, loss and repair of devices. If included, spell out stipulations for data allowances, payback, device insurance, etc.
  • Data Ownership: Spell out the firm’s data ownership, privacy and access policies with respect to personal devices. Make sure to include customer data (i.e., customer telephone numbers).
  • Remote Wiping: Include information on remote wiping of a device’s data (if the phone is lost or the employee leaves) making sure to stipulate what information will be deleted and that personal data may be lost.
  • Device Inclusion: List the types of personal devices and platforms that are currently allowed within the work environment. BYOD are predominantly smartphones and tablets, but the use of personal computers inside a work environment poses a larger set of security and data-ownership issues!

Want to Read More?

Here are some links to more information about the growing BYOD trend. ​