Recently employees have begun asking, in some cases demanding, to use their personal smartphones, tablets and laptop computers at work. If you haven't faced Bring Your Own Device (BYOD) issues yet, you will, and you have to manage the change.
You can play the security card and attempt to prevent so-called consumerization, but good luck with that. Thirty percent of workers say they'd violate the ban, while 70 percent admit to regularly violating IT policies already.
Face it, people will use their own devices whether you have a BYOD program or not. In most cases, they paid for the devices, and their technology is better than yours. So why would you want to discourage them? After all, their smartphone and other devices allow them 24/7 access to email, calendars and other tools that make them more productive.
The good news is you can create a BYOD policy that will keep company data safe and help make employees more productive wherever and whenever they work.
It Isn't About Saving Money
If employees buy and use their own devices, you can save money, right? Probably not. The money you save on purchase costs, insurance and support contracts are generally offset by other costs.
There are infrastructure costs to support the higher bandwidth all these new devices demand. Employees may expect you to pick up part of the tab for service and support costs too. You'll also probably want some kind of mobile device management (MDM) software that controls and protects data and configuration settings on your network.
How a BYOD Policy Protects You
Without a formal BYOD policy, you risk:
- Violating labor laws due to employees working outside of "normal working hours"
- Being liable for files that are downloaded or shared illegally through your network
- Violating an employee's privacy
- Exposing data, such as medical information, credit card numbers and other information that you are responsible for keeping private
- Contaminating your network with malware and viruses
- Allowing network access even after an employee is terminated
- Encountering nightmares with other device and software support issues
Your program and policy has to make it clear who can BYOD, and if something goes wrong, who's accountable. (Fortunately, you aren't the first to think about these issues, so good guidelines exist.)
A Policy Document Isn't Enough
Changing technology and new threats require more than just setting out your BYOD policy in a pristine document that's signed and filed for posterity. The rapid pace of technology and changes in laws, which are racing to keep up, will require continuous updates to your policy.
Training is essential. An online course, classroom training and a one-on-one briefing for execs will help your people understand the risks and penalties—and that both are serious.
RELATED: Protect Your BYOD Workplace
Effective and inexpensive e-learning courses are available to help people make the most of their technology and also understand their limitations and inherent risks. Use them.
Manage the Program
Setting up network access, installing mobile device management software and arranging application access and security controls will take resources. You need to plan for it and fund it.
Also, managers and department heads have to be accountable for policy compliance, and your HR and legal teams need to be involved too. This isn't just an IT issue.
- BYOD is considered an employee benefit, so HR has to be involved.
- Your legal advisors have to understand the ramifications of using applications that could be considered spyware. In addition, the company needs to be able to remotely "wipe" employees' smartphones if they lose them or are terminated, but what if the employee's irreplaceable pictures of little Johnny are wiped out too?
Follow These Best Practices
Forrester Research helped 121 companies develop or refine their mobile policies. From that work they identified 15 best practices to keep corporate data secure, employees productive and happy, and costs down, while selectively embracing the consumerization of IT.
- Understand your organization's mobile requirements.
- Determine service and support options by workforce segment.
- Reserve the right to manage all mobile devices with access to corporate resources.
- Require installation of security profiles on the mobile device as a condition of access.
- Enforce strong security policies that prevent data security breaches.
- Consider disabling features and user activities in heavily regulated environments.
- Extend acceptable use policies to all current and future mobile devices.
- Determine a tiered reimbursement policy for voice and data service costs.
- Proactively monitor ongoing voice and data usage and expenses.
- Determine how users will be provisioned with enterprise-class applications.
- Require users to back up their own personal data.
- Ensure that everything that falls outside of I&O's technology control is baked into policy.
- Require users to understand and agree to an acceptable use policy.
- Address ramifications for noncompliance, and provide examples.
- Revisit the policy at least annually.
If you're ready to stop fighting BYOD and welcome it into your company, the key is to plan for it, manage it and make sure everyone—employees and managers alike—fully understand it.
Read more articles on technology in the workplace.
Tom Harnish is a serial entrepreneur. Always on the bleeding edge of technology, he learned what works (and what doesn't) leading projects, products and companies to success (mostly). He can't play a lot of musical instruments.