Many modern companies are now implementing BYOD policies that permit employees to work with their personal laptops, tablets, and smartphones.
Bring your own device (BYOD) to work. Who would have thought, even twenty short years ago, that you could use a little phone to do business instead of a big clunky computer? That’s today’s reality and tomorrow’s norm. However, with this new wave of change in the workplace, there comes many risks and rewards to both employers and employees.
Bring your own device programs can be broken down into three important areas of review.
This is where things get tricky. You can create all the policies you want. Write them up and discuss them until you’re blue in the face, but how do you truly enforce them? The answer is that you can’t. You can’t control what employees do even if they sign an agreement on usage. So, it stands to reason that you must be very careful when hiring employees. Trust is crucial. You must be able to count on your staff to do the right thing all the time.
Asking people to use their own devices certainly offers several advantages. It can lower company costs and improve efficiency and effectiveness. Mark Coates, a VP at Good Technology notes that “By enabling employees to securely and easily access corporate data on their own device, productivity levels will naturally increase. In terms of cost savings, there are huge benefits, since SMBs will not have to manage and fund a second device for employees”.
Tony Bradley of PC World states that “when companies embrace BYOD policies, they have advantages over competitors. Some of these advantages being lower costs to the company since employees already own these devices and employee satisfaction and familiarity with the devices. Obviously, they’d rather use the devices they love rather than being stuck with laptops and mobile devices that are selected and issued by the IT department”.
On the other hand, the obvious cons are trying to control private and sensitive information. Data breaches can and have occurred. Software and hardware are replaceable, but company data is not. In a BYOD workplace, organizations lose much of the control over the equipment and how it’s used. After all, how do you tell an employee what they can and can’t do with their own laptop or smartphone? Company-issued devices, on the other hand, are protected by company-issued security that is controlled by the IT department.
Advice is being offered to companies considering a BYOD policy via government guidelines. The US Department of Commerce’s NIST, National Institute of Standards and Technology, has the following to say.
Teleworkers who use a BYOD desktop or laptop (PC) for telework should secure their operating system and primary applications.
Securing a BYOD PC includes the following actions:
Teleworkers who use a BYOD mobile device for telework should secure it based on the security recommendations from the device’s manufacturer.
They go on to say, “Sensitive information, such as personally identifiable information (PII) (e.g., personnel records, medical records, financial records), that is stored on or sent to or from telework devices needs to be protected so that malicious parties cannot access or alter it. An unauthorized release of sensitive information could damage the public’s trust in an organization, jeopardize the organization’s mission, or harm individuals if their personal information has been released”.
As you can see, a lot of thought needs to go into deciding whether this practice is right for your workplace. If you’re still not sure, check out the link below for a detailed graphic checklist.