Your BYOD policy: eleven best practice tips
By Catherine McFarland • 15 May 2014
Bring your own device (BYOD) is a term that refers to employees using their personal computing devices - such as a smart phone or tablet – for work.
Businesses have enjoyed the freedom, flexibility and speed that comes with BYOD. But there’s a darker side. BYOD can introduce a host of security vulnerabilities and data protection concerns if you don’t manage it properly.
If your employees or associates are accessing your corporate systems or apps via their personal devices, you need to protect your business and customer data with a BYOD policy.
Here are 11 best practice tips to consider when developing your policy.
1. Secure buy-in from across the business
Any BYOD policy has to have input from:
- IT and business decision-makers
- HR and legal specialists
2. Make policy guidelines clear and compliance mandatory
Your policy should be legal and the rules clear to all employees. They should know where they stand when it comes to joining, leaving or altering participation in a BYOD program.
Ultimately, your employees must sign a BYOD policy whereby they agree to uphold the policies, and agree to you locking their device if it’s lost, stolen or in some way compromised.
3. Privacy / Intellectual Property stored on video, camera or audio
Policies should cover the use of camera, video and audio recordings as they relate to work.
Remember the case of the Royal Veterinary College named and shamed by the Information Commissioner’s Office (ICO)? A member of staff lost their camera, which included a memory card containing the passport images of six job applicants. Unfortunately, they had no guidance in place explaining how personal information stored for work should be looked after on personal devices, and their case has been plastered all over the media.
Employees could just as easily lose their phone with, say, pictures of executives in compromising positions after a few beers, or a video of a product still in development.
You need to make sure all these eventualities are covered in your policy.
4. The use of insecure Wi-Fi networks
Make provisions in your policy for the limitations of Wi-Fi security measures. You could, for example, label some networks off-limits, based on security alerts.
This assumes you’ve made sure that all personal devices are in line with your security standards, and that employees follow encryption and access control regulations.
5. Loss, theft and exit policies
Think through the possible scenarios surrounding the loss or theft of personal devices or the instance of an employee leaving. For example, make sure your business Intellectual Property and customer data is protected in the case of an employee leaving, and taking all of the contacts on their personal phone with them.
6. Allow a broad choice of device, and part-cover the cost
If you allow employees a wider choice of device and they can choose one they like using, plus if you part-cover the cost of the device, they’re more likely to want to participate in your BYOD scheme. This should significantly reduce your operational costs.
7. Create clear policies on which devices employees can use
Employees should not expect to use whatever device they have and it be accepted in your scheme; not all are enterprise-ready.
8. Add remote wipe
As the number of personal devices being used growst he chance that one of them will be lost or stolen increases. Remote wipe can prevent many headaches.
9. Respect personal data
Make sure you can identify personal versus corporate-owned devices and data. Apply a policy that hides personal information from the business. You can also isolate corporate data that relates to archiving, disaster recovery & business continuity, email accounts, VP and wireless settings.
10. Make sure your interface is function and easy to use
Make sure your BYOD interface addresses your organisation’s probably varying level of technical skills. Make sure all BYOD-relevant employees can remotely access their mobile devices via a user interface and easily lock it, reset its password or, if there’s been trouble, wipe it.
11. Consider a social media policy
BYOD renders social media more accessible in the work environment. Ignore this at your peril! More on this later…
As you evaluate your organisation’s BYOD situation, you may be interested in our cloud technology solutions. The Cloud Direct : ABC app, Office 365 and our unified communications office (UC Office) app are all geared towards helping businesses manage and collaborate from any device, securely.
Share this post