How to Create a Solid “Bring-Your-Own-Device” Policy

With technology evolving rapidly, most employers simply can’t keep up with the pace of change as easily and quickly as their workforce can, so more and more companies are allowing employees to use their own devices on the job. From laptops to cell phones to tablets, today’s businesses are often powered with equipment not provided by the company.

The benefits of allowing personal devices are numerable: It saves the company money by not having to purchase new computers every few years; it increases productivity, assuming newer technology means a person can work more efficiently; it allows salaried workers to move projects along after official work hours, since their “work desk” is now often in their pocket or purse; and it improves morale, because, ostensibly, the employee is using equipment of their choosing.

But it also opens up new set of vulnerabilities for the employer, meaning it is imperative for every company to have a solid policy regarding the use of personal devices. Although there are many things to consider when crafting a BYOD policy, here are five points that every policy must address:

Security. Many questions arise; here are only a few. How do executives ensure that company data is secure when it’s accessible on someone’s personal smart phone? Should they mandate that a phone have a lock code (and mandate how quickly that lock should activate) and that a laptop have an appropriately strong password? What’s the rule on accessing company data via wi-fi or unsecured hot spots?

Support. Will personal devices be covered under a company’s managed service provider contract or Help Desk? For what issues? What if a specific personal app is inhibiting work functions? Can that app be “banned”? Will the company issue a “loaner” laptop if the employee’s personal laptop is “in for repairs”?

Reimbursement. Who pays for the device? State law dictates some of this (for instance, employers covering a portion of an employee’s wireless bill), but the company needs to decide how it will repay the employee for using his or her device at work.

Acceptable uses. Because a device will be connected to a company’s VPN, what are employees allowed to do at the office? Is posting on Facebook during a work break a violation? How about viewing “inappropriate” websites while at home but on the VPN? What if, inadvertently or not, an employee transmits inappropriate or even illegal content using your network? Will devices be monitored? How?

Severing ties. What happens when an employee leaves the company? A policy must address how an employer will remove all company material and access from the personal devices. Will it be a total wipe/reset (and when?), or accomplished simply by disabling email?

The trade-off for reaping the benefits of allowing employees to use their own devices requires some up-front investment of time – in crafting a policy that works for both parties. But it’s a step that, for everyone’s protection, can’t be skipped.