In recent years, Bring Your Own Device (BYOD) policies have become more common in many offices in all industries. From saving your company money to security management, there’s a lot to consider when you are contemplating whether to allow employees to use their own devices to complete their work. On the surface, it appears to be more cost-effective for companies, and it gives the employees more control over what devices they use. And, since many end-users prefer to use more of the latest technology for their own devices, companies get to reap the benefits of this without shouldering the full cost.
In this article, we’ll explore the following aspects of BYOD.
- The Benefits and Risks of a Bring Your Own Device (BYOD) Policy
- The Reality of BYOD (Bring Your Own Device)
- Security in an Increasingly BYOD Culture
- Unplugging in a BYOD World
Let’s explore the world of personal devices within a business context!
The Benefits and Risks of a Bring Your Own Device (BYOD) Policy
The benefits and risks must be weighed carefully as you look at whether a BYOD policy is the right choice for your organization, so let’s take a look at a few to help guide your thoughts.
The most obvious benefit of a BYOD policy is that it can help organizations save money on the initial purchase of devices and software, as well as on updates and repairs, because team members are responsible for keeping their devices up-to-date. Having a BYOD policy also allows employees to work with the device they are most familiar with, which can help them work more efficiently and may lead to increased job satisfaction and quality of work.
Team members can complete their work from nearly any location at any time, which can be beneficial when they are attending conferences and have downtime between sessions, need to work remotely between offsite meetings, or are in other similar situations. This is also helpful for employees who may perform better outside of a traditional office setting, such as in a collaborative workspace rather than a cubicle.
Some organizations report that having a BYOD policy in place has helped attract new talent and retain employees.
With a BYOD policy, it can be more difficult to manage the security of data and files on an employee’s personal device, which could open the door to a security breach in which a hacker steals sensitive information. Without a firewall or proper antivirus software in place, you face gaps in security that could leave data at risk of landing in the wrong hands.
A BYOD policy could negatively impact your ability to complete work as efficiently as you need to if an employee’s device is out of commission and they don’t have a backup to work from. It’s important to outline in your policy how you expect an employee to complete work in a situation like this to help avoid downtime.
With a BYOD policy, you could run the risk of a dishonest team member using their device to obtain sensitive information that they may attempt to use for their own benefit.
If an employee leaves the company with little warning, that employee may still be able to gain access to your information if you do not act swiftly to make sure their device is clear of any information pertaining to the business.
Unsecured WiFi connections also pose a threat by giving hackers another opportunity to easily access your system and steal sensitive information. Make sure employees know your policy for remotely accessing the internet to help reduce this type of risk.
Diving Deeper Into The Reality of BYOD (Bring Your Own Device)
Beyond what’s already on the BYOD sales brochure, what is the reality of adopting a BYOD policy at your organization? Here are five things to consider before making that final decision.
BYOD isn’t limited to just smartphones; many organizations include laptops in this policy. When employees are providing their own laptops, they typically want to decide what devices and systems they’re going to be using… And that can raise compatibility issues. Will your CRM and other software systems run on every employee’s computer, using the same version and interface? If not, will additional training be required for different versions?
To avoid this issue, you can set technology standards and provide a list of approved devices for your employees, but end users tend to be less enthusiastic about the freedom of the BYOD program when it comes to boundaries.
Lack of Privacy
When using your work computer or work phone, there’s an understood (and oftentimes stated) agreement of acceptable use. For employers who allow the use of personal devices for work activities, acceptable use becomes increasingly difficult to enforce and define. And for employees, keeping your personal files and data private can feel virtually impossible.
In addition to that challenge, BYOD creates an interesting new dilemma when employees leave the company. The device belongs to that employee, so now companies need to get their proprietary information and files off leaving employees’ phones and laptops, which can become difficult or awkward, depending on the situation.
Risk of Involuntary Disclosure
This is arguably a risk associated with any device containing confidential data that an employee can remove from the building, but with BYOD policies, organizations run a higher risk of involuntary/voluntary disclosure of their proprietary information. While your employees (hopefully) won’t run over to your competitor to share secure company information on their laptops, the data is more susceptible to theft by third parties. Many people don’t keep a lock on their personal devices, and if their laptop or phone is ever stolen, those thieves have access to company data as well as that belonging to the employee.
Organizations can curtail this risk by setting a policy that requires every employee to keep a secure passcode lock on every device they use that stores or accesses secure company data.
As the security of your organization’s data becomes harder to manage, so too does your compliance with state and federal regulations. When your business falls under compliance mandates, there are specific requirements regarding data protection and information security. When individuals own these devices, it’s difficult for the employer to monitor and ensure compliance.
You can audit the compliance and security of your office’s devices regularly and set standards for your employees to mitigate this risk, but telling individuals how they can or can’t use their own property rarely goes over well.
While a BYOD policy may cost less upfront than the standard company-issued programs, the costs of noncompliance and risk of data loss can be significantly steeper than that initial investment.
Security Tips For Your BYOD Office Environment
The original BYOD was mainly limited to bringing your own mobile, but it’s expanding. In Apple vs Microsoft office fan wars, BYOD seems an inexpensive alternative. It gives employees freedom of choice and frees employers from the additional costs of new equipment. When your employees work out of the office on a regular basis, BYOD also seems considerably more convenient.
Honestly, there can be a lot of BYOD risks. Not only are you at risk of physical theft, but any data kept on your employees’ devices is also susceptible to digital theft. With enterprise equipment, you have standardized security software (antivirus, firewalls, etc.) that your employees may not use or may even disable on their own equipment.
In addition, while people tend to be more careful about their browsing habits and what links they click on when using a company-owned computer, they’re less suspicious of that attachment from Jim two houses over that is “guaranteed to make them fall down laughing!” than they are of misspelled links in their work inbox. And if their device with access to your servers and shared drives is compromised, that can easily spread to the rest of your organization… Or even your clients.
Before putting a BYOD program into practice, make sure you have security standards set that workers must meet in order to use their personal devices for work purposes. The following insights will provide some guidance on securing your BYOD network.
Proper BYOD Security Precautions
A very simple step to secure company information on personal devices is to require all devices with company information (even as little as access to company email only) to have an access password or passcode. That means any phones or laptops should be password-protected.
It’s not just about making the device itself secure, but also about making your data secure.
Prevent local storage of corporate files and other sensitive documents. This way, if someone misplaces their phone or has their laptop stolen in a Starbucks, you don’t have to worry about what files may be vulnerable because an employee saved a copy of your 2016 company objectives to their desktop.
The biggest mistake companies make in BYOD environments is putting the BYOD devices on the same domain controller as the rest of the network. Consider having a separate BYOD network and limiting what can go in and out between the network with your domain controller and your BYOD network.
It’s important to isolate the BYOD equipment from internal infrastructure, such as servers, as much as possible. Obviously, those devices may need to access certain resources on the internal infrastructure, but you can secure the internal infrastructure from those devices by only opening up what’s necessary, forcing authentication, and having good encryption. Secure your internal infrastructure in much the same way you would a web server hosting a website on the internet. In other words, make only what’s necessary accessible from the BYOD network.
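One way to check an existing rule set against the three conditions above (only what's necessary, forced authentication, encryption), as an added example that is not part of the original article. The subnets, rule fields and the `auth` flag (an inventory annotation, not something a firewall knows) are assumptions made for illustration.

```python
"""Audit allow rules that let a BYOD segment reach internal systems."""
import ipaddress

# Assumed addressing, for illustration only.
BYOD_NET = ipaddress.ip_network("10.50.0.0/24")
INTERNAL_NET = ipaddress.ip_network("10.10.0.0/16")

# Ports whose default protocol is unencrypted.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 389: "LDAP"}

# Constructed sample rules; every field name here is hypothetical.
RULES = [
    {"id": "r1", "src": "10.50.0.0/24", "dst": "10.10.20.15/32", "port": 443, "auth": True},
    {"id": "r2", "src": "10.50.0.0/24", "dst": "10.10.0.0/16", "port": 445, "auth": True},
    {"id": "r3", "src": "10.50.0.0/24", "dst": "10.10.30.7/32", "port": 80, "auth": True},
    {"id": "r4", "src": "10.50.0.0/24", "dst": "10.10.40.9/32", "port": 8443, "auth": False},
    {"id": "r5", "src": "10.50.0.0/24", "dst": "10.10.5.10/32", "port": None, "auth": True},
    {"id": "r6", "src": "10.10.0.0/16", "dst": "10.10.5.10/32", "port": 389, "auth": True},
]


def audit_rule(rule):
    """Return the findings for one allow rule (empty list = acceptable)."""
    src = ipaddress.ip_network(rule["src"])
    dst = ipaddress.ip_network(rule["dst"])
    # Only rules that let BYOD traffic into the internal network are in scope.
    if not (src.overlaps(BYOD_NET) and dst.overlaps(INTERNAL_NET)):
        return []
    findings = []
    if dst.num_addresses > 1:
        findings.append("destination is a whole subnet, not a single host")
    if rule["port"] is None:
        findings.append("all ports open")
    elif rule["port"] in CLEARTEXT_PORTS:
        findings.append(f"cleartext protocol ({CLEARTEXT_PORTS[rule['port']]})")
    if not rule["auth"]:
        findings.append("service does not force authentication")
    return findings


def audit(rules):
    """Map rule id -> findings for every rule with at least one finding."""
    return {r["id"]: f for r in rules if (f := audit_rule(r))}


if __name__ == "__main__":
    for rule_id, findings in audit(RULES).items():
        print(rule_id, "->", "; ".join(findings))
```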
You can also restrict offline access to files and require a secure VPN (Virtual Private Network) connection to allow devices to connect to the organization’s server. Consider requiring periodic re-authentication.
There are, of course, solutions you can utilize to help you manage the security of your networks in a BYOD environment, but you would have to set them up. Microsoft Azure and Amazon AWS both provide features like this.
Is BYOD right for your organization?
Every organization has different needs and a BYOD policy doesn’t work in every scenario, so take the time to carefully evaluate the benefits and risks and write down all the pros and cons you can think of (financial, security, whether this will be helpful for employees, and whether you want to have control over devices, among others) before you come to a decision.
We don’t really recommend going to a BYOD environment. If you do, create and enforce BYOD security policies with these steps to protect your data. We also highly recommend working with people who have the expertise to help guide your organization in this decision and help you put strategies and policies in place that further minimize your risk while helping your employees remain happy and productive. We know an IT company that can help with that 😉
Before you leave, here are a few tips to keep your team’s BYOD culture from overtaking their personal lives.
Unplugging in a BYOD World
There’s no shortage of studies touting the merits of fully unplugging in your downtime from work. Unfortunately, completely unplugging seems virtually impossible in the age of BYOD and the rise of the small business owner whose devices do double duty. When you’re pulling out your laptop on vacation, it may only be a matter of not checking your email, but when your cell phone is for both personal and work use, pulling the plug gets a little bit trickier.
You can’t just switch your phone off or put it in airplane mode when you need it to keep in touch with the people you’re on vacation with or when you might need it ready to make emergency calls. But you don’t have to check who’s calling and press reject on all the work calls coming through either.
When you set your phone to Do Not Disturb (DND), you can set exceptions for specific contacts. Setting this up will depend on what type of phone you have. You can set this up to allow calls from family and friends through, as well as anyone from the office who may need to reach you in case of emergency (just make sure you agree on the definition of “emergency” first). Consider your phone as a vacation bouncer.
Here’s how to make this happen on your smartphone.
- Create a group in Contacts and add the contacts you want to reach you
- Go to Settings > Do Not Disturb > Allow Calls From and select the group you’ve created
- Activate your Do Not Disturb
- You can activate DND from your swipe down settings or by going to Sound in Notifications in the full Settings menu
- From there, you can click on it to edit the notifications that get through and designate how long you want your phone to be in DND mode
- Set to Total Silence or Priority Only by clicking Sounds and vibrations
- To set contacts as priority, go to Advanced > Select Priorities > Calls From or Messages From
If there are times when you do want to plug back in, you can always let your work contacts know a specific time you’ll be available for them, and take your devices off of DND at that time. This time can also be used to give in to that temptation to check your work email, but keep in mind many experts say the full benefit of unplugging on vacation only comes when you stay unplugged.
Enjoy your vacation. Double duty can wait.