The lowdown on bring your own device policies
By Alex Tanglao, Last updated: 2021-05-31 (originally published on 2017-07-21)
Bring your own device (BYOD) policies are increasingly popular among companies both big and small for a range of reasons. Startups and small businesses may not have the resources to invest in the necessary digital devices for every new employee they hire, while employees in larger companies which issue a new laptop to every employee might prefer to use a device they are familiar with. With the average employee more eager to use his or her own personal device than before, it is crucial that companies give careful thought to whether to implement a BYOD Policy and how to go about doing so.
What is a BYOD Policy?
A Bring Your Own Device Policy is a set of rules governing the use of employee-owned electronic devices at work, including devices such as personal computers (PCs), smartphones and tablets. A BYOD Policy will outline the company’s position and governance on the use of such devices and will ensure that the company’s network security is not compromised.
Source: IT Training Solutions
Should I implement a BYOD Policy?
It is important to weigh both the benefits and the risks of a BYOD Policy for your company before making your decision.
Some of the benefits of a BYOD Policy include the following:
- Increased productivity: As employees are more familiar with their own devices, they will be able to work more productively using a device that suits their own needs as opposed to learning how to navigate an operating system that needs getting used to;
- Lower costs:Providing company-issued devices to every new employee incurs significant costs, and removing this category of expenditure would free up resources;
- Convenience: Rather than travelling with several devices to satisfy their home and work needs, employees can simply work with a single device.
The challenges and risks of a BYOD Policy include the following:
- Cost: While some startups think of BYOD policies as a way of cutting costs by avoiding having to incur expenditure on company-issued devices, employees would expect the company to cover the work-related costs associated with using their own devices. This would include the cost of data plans, business-related phone calls, or the costs of onboarding users and their devices;
- Policy & training: Any employee using his or her own device would inevitably have to adhere to certain guidelines or limits that your company imposes. It would be beneficial for your company to provide training or online educational tools to educate your employees about these expectations, so as to ensure employees take proper care of corporate data and are aware that exposing the company to potential legal risks is unacceptable;
- Security: Given that you are potentially giving your employees the opportunity to access confidential information and sensitive data on their own devices, it is important to put in place the proper protections to secure such information. This includes identity authentication and steps to take should an information breach occur;
- Privacy: While you may wish to exercise some degree of oversight over the way your employee accesses and manages information on his personal device, it is important that the management system you put in place does not infringe on your employees’ privacy.
Adapted from Search Mobile Computing
Ultimately, it is a matter of weighing up whether your company can afford to manage the risks and costs associated with implementing a BYOD Policy.
How can I implement a BYOD Policy?
Other than briefing your employees who have opted to bring their own device on your expectations and the relevant company procedures, it is crucial to put in a place a formal BYOD Policy to ensure that everyone is on the same page. A BYOD Policy sets out your company’s rights in determining how data should be used and protected, including during the period after the employee no longer works for your company.
In addition, a BYOD Policy defines the rights and duties between your company and your employees. The BYOD Policy should lay out clearly what the permissible and impermissible uses of personal devices on the corporae network are, as well as the terms of eligibility for using your own device and the supported devices and app.
To balance between exercising oversight of your employee’s access of sensitive data and your employee’s right to privacy, it is important to define your company’s right to access your employee’s device for security reasons. It is also important to determine the relevant procedures should something go wrong, such as the disciplinary consequences for policy violations like a breach of data.
When drafting a BYOD Policy, it is important to focus on a number of key clauses, in particular:
- Details of your company;
- Details of the employee who is acknowledging and signing this policy;
- Activities included as acceptable business use;
- Video or camera capabilities allowed on the device;
- Applications allowed while using the device;
- Excluded applications while using the device;
- Manner by which the passwords are controlled; and
- Amount of time before the device is locked if idle.
Do you have any tips for implementing a BYOD Policy?
Share with us in the comments below!