23 Jan 2019

Bring your own device (BYOD) is an asset policy that an organisation refers to the policy of permitting employees to bring personally owned devices to their workplace, and to use those devices to access privileged company information and applications. Organisations may choose to adopt this policy to help reduce costs and increase productivity. Devices include mobile phones, tablets, laptops and any other devices used for business. It asks staff to use their personal devices for business purposes and carries many benefits however it is not without consideration.

Before adopting a policy like this it is important to consider the benefits and considerations and craft a policy that suits your business needs, your culture and your team. It is always advisable to document this policy to protect your employees and your business.

 

Hardware and support costs

The purchase and maintenance of hardware is a considerable strain on the bottom line. BYOD means a significant reduction in not only capital expenditure but potentially maintenance / support costs as well. This relieves pressure on the IT department as personal devices are generally maintained by the user.

Ease of use for staff

When staff get a new device supplied by the organisation, there are typically teething issues and time lost loading information, getting familiar with the device and adjusting settings to be suit the individual’s needs. When you get your staff to use their own devices they have the benefit of familiarity. This also means that staff do not have to carry, keep charged and care for multiple phones and laptops, i.e. personal and work devices – something that can become frustrating.

Monthly service charges

Paying for and maintaining service charges on mobile phones and internet enabled devices can accumulate into a large monthly expense. Since most plans these days include unlimited calls and texts, it does not cost the employee any more to use their personal number to conduct business but does save the company a sizeable amount. It is however important that you are aware and consider the amount of data an employee would consume conducting business from their phone and offer relief such as WIFI in the office to mitigate any excess usage charges. You should also be mindful that some employees will not want to use their devices for business use.

Increased engagement

With your employees having access to their work emails and other programs from their personal devices you will probably see an increase in their engagement when they are not in the office. This can be a double-edged sword as a quick response to an email late at night might help tasks move along but if the employee feels ‘badgered’ by emails and calls in their personal time they may start to feel resentment.

For example - some people like to be able to monitor emails and keep track of what is going on while they are on leave, but others prefer to completely disengage from work and maximise their break. It is essential that this is considered, and you communicate with your team that they are under no obligation to check their emails or answer phone calls out side of work hours. This will be governed by the organisations policy that is adopted.

Network security

As so much business is now conducted over the internet, data conscious employees will be tempted to connect to WIFI where possible. While they will certainly connect to their home WIFI, they may also connect to public WIFI in coffee shops and shopping centres leaving the company information that is stored and accessed through their device vulnerable.

Security software

Unless the company maintains the device personally, you cannot guarantee the existence or quality of security measures adopted on the device. Consideration should be given to the type of information stored on the devices as this may be a source of data leakage if the device is lost or incorrectly secured. Although we would hope that most people have passwords, multifactor authentication, antivirus and antispam software on their devices, it is possible that this does not occur.

It is advisable to ensure that your BYOD policy outlines expectations around the security of any device that holds company information. It is perfectly reasonable to expect your staff to have passwords and other authentication on all their devices and for them to notify you should there be a breach to or theft of the device. This notification will allow you to secure your company data as promptly as possible. Several software solutions exist for assisting with managing and mitigating this risk. Again, this will be governed by the organisations policy that is adopted.

People leaving

Unlike in the past where you could take someone’s Rolodex when they left the company, these days employees will leave with all your client contacts and other company information on their devices. As you cannot confiscate the device, you may be forced to trust that your former employee will act in a confidential and ethical manner and remove the sensitive information as a part of the exit process. As with security, several software solutions exist for assisting with managing and mitigating this risk which can safely remove some sensitive information without impacting the user’s device.

 

There are many things to consider when you are looking at bringing in a BYOD policy. It works for many businesses and their employees but should be implemented in a considered fashion. Some companies choose to make it optional and others offer an allowance to assist the employees with the maintenance of their devices.

Whatever you do, think it through - establish policies, include them in your induction and regularly remind staff of security concerns.

Remember: plan, implement, educate, and review

 

Subscribe for more articles like this

* indicates required