How many people do you know that do not carry a mobile device? Probably none. With the ever-connected, always-on world we live in today, the lines between work and personal time is often blurred and the need to be connected is ever-present. Several years ago, when this trend began, both employees and employers saw benefits in allowing employees to bring their own personal devices into the work place. Employees no longer needed to carry multiple devices and employers saw potential financial benefits.
But today, seeing BYOD (Bring Your Own Device) as a benefit is changing, and for good reason.
As a rule, consumers – a/k/a employees – often adapt to advances in technology more quickly than companies do, or can. As a result, companies, by default, adopt technology without fully appreciating the potential liability and risk associated with it. For many companies, this has been the case for BYOD.
Over the past couple of years, employers began navigating the technical and legal waters associated with a BYOD policy. What we’ve seen in the US, according to recent studies, is that the trend of adopting a BYOB is reversing, in favor of providing company-owned devices for employees to use. Companies are reconsidering because liability, supportability, and cyber-risk may very well outweigh the cost of purchasing devices for their staff members.
If you’re charged with making IT decisions for a company and are considering BYOD, there are a few things that should be carefully considered. Most importantly, do you have a formal policy – acknowledged by the employee – that details specifically how the device is to be used? Without a formal policy, companies will find that they are very limited on what they can and cannot do to employee-owned devices. Depending on the type of business, there may be compliance requirements related to the safeguarding of data, even if the device is owned by the employee.
The questions associated with a BYOD policy continue: What sort of devices will be allowed, and how will they be updated? What type of data will be stored, where will it be backed up, and if necessary, how will it be encrypted? What happens if the device is lost or stolen? What about passwords and what happens should a device become locked? Will employees be allow to save data (company or personal) in the “cloud”? What happens when an employee leaves the company? As you can see, there are many considerations employers need to resolve prior to allowing BYOD.
Another important consideration of BYOD is access to wireless networks. Information and data may be the most valuable assets companies have. As such, policies and controls should exist for accessing wireless networks with personal devices, company-approved or not.
Today, there are any number of commercially available products, systems and methods to assist in the management of user-owned devices. For those companies willing to adopt BYOD, a carefully planned formal strategy is a must. Employers need to carefully consider and weigh all of the pros and cons prior to making a decision. Employees, on the other hand, need to appreciate and accept the inconvenience of the added policies and controls required to protect vital company resources.