As technology evolves and more individuals adopt smart devices for personal use, many companies find that a bring your own device, or BYOD, policy is the most cost-effective way to support a mobile workforce. Allowing employees to use the devices they already own cuts down on overhead costs and allows them to work more efficiently.
However, using personal devices to tap into a company network also comes with some risks. Understanding those risks is the first step in creating an effective BYOD policy. Although every situation is different, there are some common elements that should be considered.
8 Essential BYOD Policy Elements
- Device support - Decide which device types and brands your company supports. Is your IT team well-versed in both Mac and PC? If not, you might want to limit the support of personal devices to one operating system.
- Security policy – If you allow personal devices to tap into your company network and hold valuable data, you need to ensure that it is protected. Create a security policy that includes guidelines for passwords, encryption, data backup, and any other practice you use to protect your company data.
- Service policy - Your IT staff is not paid to support personal devices. However, the line gets fuzzy when you allow employees to bring their own devices. Define what types of service and support your IT staff will and will not do for personal devices.
- Data ownership - With a BYOD policy, you can expect that employees will have personal data, photos, apps, and other content in addition to whatever company data they keep on the phone. Set clear parameters for what will happen in the event of theft or device damage. Will the employee be able to access any data backups that were performed at work? Will you be able to wipe the phone of all data (both personal and business) in the event of a breach?
- Software ownership - Some business software comes with apps for mobile devices. For example, Adobe Creative Cloud also has touch apps for mobile devices. If an employee installs an app like this, make sure you have a policy in effect to prevent access to it if necessary.
- App control - To ensure the integrity of your network, you might want to ban certain apps that could pose a security risk. You will also need to consider how you can enforce these bans.
- Acceptable use – Browsing certain sites or transmitting personal data while connected to company network could lead to potential legal issues or sending inappropriate material. Consider how you will address this as you develop your BYOD policy.
- Employee exit strategy - What happens to company assets on a personal device when an employee leaves? You need to decide in advance how this will be handled and communicate it clearly to employees so they will be prepared.
Before you adopt a BYOD policy, consider all of the potential consequences. For example, if you have a salesperson that uses a personal devices to interact with customers, those customers are using a phone number that the employee owns. What happens to that line of communication if that employee decides to work for a competitor?
It is clear that a bring your own device policy is not always simple, but it is equally evident that the BYOD trend is growing in the business world. If you need help creating or implementing a BYOD policy for your company, contact the experts at MelroseMAC today.
What is your existing BYOD policy?