Since mobile devices are officially everywhere, there’s no way you’re keeping them out of your business. Not that you would even want to try—mobility is an ingrained part of daily life, which means it’s an ingrained part of business life.
For IT pros, it’s all about managing the mobile device onslaught. To that end, many businesses are launching bring your own device (BYOD) policies for employee-owned mobile devices. Companies that put a BYOD policy in place can reap a variety of benefits, but many executives and IT leaders still struggle with concerns about security, intellectual property leaks and the remote management of mobile devices.
Does your business need a BYOD policy? Here are some positives to consider in letting employees use their own devices:
But a BYOD policy may have some risks, starting with the possibility of the employees losing their devices loaded with the company’s proprietary information. Employees may dislike it that their employer has control of their personal mobile device. Many don’t trust employers with their personal data, fearing it could be used against them later in a dispute.
What if an employee uses a mobile app to monitor her medical or financial information, and she does not want her employer to know these details? Private information like personal email accounts, personal photos, calendars, etc. could be exposed if an employer takes control of a smart device. If an employer does not manage employees’ expectations or adequately disclose its intentions upfront, employees have reason to be concerned about their personal privacy.
What employers can access on an employee’s personal device should be defined in as much detail as possible in your BYOD plan. An employer may retain the right to remotely lock or disable an employee’s device, to remotely delete data contained on the phone or the right to any of the following:
A solid BYOD policy will indicate when or how often the employer will execute any of the actions outlined by the policy. If a company’s policy includes vague language that leaves employees unsure of when or why access is made to the personal device, it might be legally challenged.
When employment is terminated, a company will remove its data from an employee’s personal device before the employee departs. A business may require the employee to submit the device to the IT department, or it may just observe the employee deleting the data themselves. Employees likely will be disconnected from the data network. Employers should make sure employees understand the process. The challenge is to time it so that employees who have valuable company data will not export the information to a flash drive or personal laptop.
Many businesses are looking to cloud-based solutions to solve some of the most sensitive BYOD policy issues. A good platform provides access to company data from any mobile device securely using encryption. Encryption not only secures data from outside attacks, but it also protects data if the mobile user accidently or unknowingly installs a virus that may leak information to an unauthorized user.
But one of the more important uses of cloud encryption protocols is the ability to lock access to sensitive company data at the file level, rather than the device level. When the employee is terminated, administrators revoke access to the file and change the access methods, making the data inaccessible and secured again. This can also render data already on the mobile device useless, as it can no longer be opened by someone who may have picked up a lost device.
Having a solid BYOD policy and implementation strategy will instill trust between a business and its employees. It’s vital that the BYOD policy you choose to craft is carefully monitored as your business evolves. Keep in mind that there is no one approach to BYOD, and there is always room for improvement.
flickr photo by Jose Carlos Perizo Perez https://www.flickr.com/photos/josek/4313570551/ shared under a Creative Commons (BY) license
flickr photo by Blondinrikard Froberg https://www.flickr.com/photos/blondinrikard/14877666112/in/photostream/ shared under a Creative Commons (BY) license