If there were a list of technology buzzwords in offices this year, “BYOD” would be near the top. The Bring Your Own Device craze is sweeping through workplaces all over the US.
It’s easy to get pulled along in the tide of popularity that BYOD is riding right now. On the surface, it appears to be more cost-effective for companies, and it gives the employees more control over what devices they use. And, since many end users prefer to use more of the latest technology for their own devices, companies get to reap the benefits of this without shouldering the full cost.
But beyond what’s already on the BYOD sales brochure, what is the reality of adopting a BYOD policy at your organization? Here are five things to consider before making that final decision.
BYOD isn’t limited to just smartphones; many organizations include laptops in this policy. When employees are providing their own laptops, they typically want to decide what devices and systems they’re going to be using… And that can raise compatibility issues. Will your CRM and other software systems run on every employee’s computer, using the same version and interface? If not, will additional training be required for different versions?
To avoid this issue, you can set technology standards and provide a list of approved devices for your employees, but end users tend to be less enthusiastic about the freedom of BYOD program when it comes with boundaries.
Lack of privacy
When using your work computer or work phone, there’s an understood (and oftentimes stated) agreement of acceptable use. For employers who allow use of personal devices for work activities, acceptable use becomes increasingly difficult to enforce and define. And for employees, keeping your personal files and data private can feel virtually impossible.
In addition to that challenge, BYOD creates an interesting new dilemma when employees leave the company. The device belongs to that employee, so now companies need to get their proprietary information and files off leaving employees’ phones and laptops, which can become difficult or awkward, depending on the situation.
Risk of involuntary disclosure
This is arguably a risk associated with any device containing confidential data that an employee can remove from the building, but with BYOD policies, organizations run a higher risk of involuntary/voluntary disclosure of their proprietary information. While your employees (hopefully) won’t run over to your competitor to share secure company information on their laptops, the data is more susceptible to theft by third parties. Many people don’t keep a lock on their personal devices, and if their laptop or phone is ever stolen, those thieves have access to company data as well as that belonging to the employee.
Organizations can curtail this risk by setting a policy that requires every employee keep a secure passcode lock on every device they use that stores or access secure company data.
We’ve posted before about the security risks of BYOD. Honestly, there can be a lot of them. Not only are you at risk of physical theft, any data kept on your employees’ devices are susceptible to digital theft. With enterprise equipment, you have standardized security software (antivirus, firewalls, etc.) that your employees may not use or may even disable on their own equipment.
In addition, while people tend to be more careful about their browsing habits and what links they click on when using a company-owned computer, they’re less suspicious of that attachment from Jim two houses over that is “guaranteed to make them fall down laughing!” than they are of misspelled links in their work inbox. And if their device with access to your servers and shared drives is compromised, that can easily spread to the rest of your organization… Or even your clients.
Before putting a BYOD program into practice, make sure you have security standards set that workers must meet in order to use their personal devices for work purposes.
With security of your organizations’ data becoming harder to manage, so too does your compliance with state and federal regulations. When your business falls under compliance mandates, there are specific requirements regarding data protection and information security. When individuals own these devices, it’s difficult for the employer to monitor and ensure compliance.
You can audit the compliance and security of your office’s devices regularly and set standards for your employees to mitigate this risk, but telling individuals how they can or can’t use their own property rarely goes over well.
While a BYOD policy may cost less up front than the standard company-issue programs, the costs of noncompliance and risk of data loss can be significantly steeper than that initial investment.
About the Author-
Erica Lee is the Assistant Service Manager at Rocket IT. Erica was an exchange student to Germany as a high school junior and, because of that experience, went on to earn Bachelor degrees in German and International Affairs from the University of Georgia.
Want technology and leadership content sent directly to your inbox? Subscribe to Rocket IT’s monthly newsletter!