Since mobile devices are officially everywhere, there’s no way you’re keeping them out of your business. Not that you would even want to try—mobility is an ingrained part of daily life, which means it’s an ingrained part of business life.
For IT pros, it’s all about managing the mobile device onslaught. To that end, many businesses are launching bring your own device (BYOD) policies for employee-owned mobile devices. Companies that put a BYOD policy in place can reap a variety of benefits, but many executives and IT leaders still struggle with concerns about security, intellectual property leaks and the remote management of mobile devices.
Benefits of BYOD
Does your business need a BYOD policy? Here are some positives to consider in letting employees use their own devices:
- Improved productivity: Most of us are desperately attached to our smartphones. We are constantly aware of notifications, whether it’s Facebook or email. As mobile devices are always available, so are company emails, calls or even texts. There is the expectation that employees, who are carrying a mobile computer everywhere they go, quickly respond to company requests and other communication. This has proved to be a boon to productivity, improving workflows and making the company more agile.
- Cost savings: Supplying every employee with mobile hardware is not cheap. For some companies, estimates can reach a half million dollars to buy and support 1,000 tablets. Some IT departments find they can support more than twice the number of user-owned tablets within the same budget. For a large company, the expense of supporting an employee-owned tablet is often about the same as supplying a company-owned unit. But the company can save on up-front costs by not having to reimburse employees for voice and data plans.
- Consistency across platforms: Creating a standard policy for your business can greatly simplify deployment of data via mobile platforms without trying to support multiple operating systems and software architecture. It can also help save money. Sticking to iPhones and Androids for instance, would eliminate the expense of having to support Windows Phone.
- Employee privacy protection: BYOD policies represent a thoughtful process of protecting the user’s personal and private information. Having a BYOD policy addressing private data makes staff more comfortable. This helps instill employee trust when it comes to allowing company officials to administer and install data software and access methods. For example, some BYOD policies promise a backup of an employee’s private information, wiping the phone, then restoring the private information for the user while promising never to look at personal photos or texts and deleting the backup immediately.
But a BYOD policy may have some risks, starting with the possibility of the employees losing their devices loaded with the company’s proprietary information. Employees may dislike it that their employer has control of their personal mobile device. Many don’t trust employers with their personal data, fearing it could be used against them later in a dispute.
What if an employee uses a mobile app to monitor her medical or financial information, and she does not want her employer to know these details? Private information like personal email accounts, personal photos, calendars, etc. could be exposed if an employer takes control of a smart device. If an employer does not manage employees’ expectations or adequately disclose its intentions upfront, employees have reason to be concerned about their personal privacy.
What employers can access on an employee’s personal device should be defined in as much detail as possible in your BYOD plan. An employer may retain the right to remotely lock or disable an employee’s device, to remotely delete data contained on the phone or the right to any of the following:
- Access the device
- Access phone records or contacts
- Access social media or other account username and passwords
- Monitor GPS and location information
- View web browsing history
- View pictures, video or other media
- View personal emails
- View chat and messaging histories
- Limit the use of cloud services
A solid BYOD policy will indicate when or how often the employer will execute any of the actions outlined by the policy. If a company’s policy includes vague language that leaves employees unsure of when or why access is made to the personal device, it might be legally challenged.
When employment is terminated, a company will remove its data from an employee’s personal device before the employee departs. A business may require the employee to submit the device to the IT department, or it may just observe the employee deleting the data themselves. Employees likely will be disconnected from the data network. Employers should make sure employees understand the process. The challenge is to time it so that employees who have valuable company data will not export the information to a flash drive or personal laptop.
The Tools You Need
Many businesses are looking to cloud-based solutions to solve some of the most sensitive BYOD policy issues. A good platform provides access to company data from any mobile device securely using encryption. Encryption not only secures data from outside attacks, but it also protects data if the mobile user accidently or unknowingly installs a virus that may leak information to an unauthorized user.
But one of the more important uses of cloud encryption protocols is the ability to lock access to sensitive company data at the file level, rather than the device level. When the employee is terminated, administrators revoke access to the file and change the access methods, making the data inaccessible and secured again. This can also render data already on the mobile device useless, as it can no longer be opened by someone who may have picked up a lost device.
Having a solid BYOD policy and implementation strategy will instill trust between a business and its employees. It’s vital that the BYOD policy you choose to craft is carefully monitored as your business evolves. Keep in mind that there is no one approach to BYOD, and there is always room for improvement.