In the digital era we live in, most people have their own personal smartphone, computers, and tablets that they use every day. And as these devices have increased in popularity, so has the number of people who want to bring their personal devices into work. Almost every employee brings their mobile devices into work to call, text, check social media, and more. Similarly, many employees have wearable devices like watches that they bring into the office without giving it a second thought. More and more employees are wanting to bring in their tablets and computers so they can bring in work from home or have a laptop to bring into a meeting and take notes.
While it is extremely common for employees to bring in their own devices, companies are taking a risk when they allow employees to do this. Employees bringing their personal devices to connect to the organizational network and access work systems can expose sensitive and confidential data. So many organizations may decide to implement a policy for BYOD.
BYOD stands for Bring Your Own Device. BYOD may refer to a variety of personal devices, including smartphones, computers, tablets, USB drives, wearable devices, and more. Many schools and businesses allow employees and students to bring their own computers and smartphones, though many don’t have BYOD policies that help protect them. BYOD is also known as BYOP or Bring Your Own Phone, which is very common among most organizations as most people do have their own smartphone they carry with them everywhere.
While it’s prevalent that employees will bring their devices into the workplace, companies and IT professionals should work to ensure they implement a successful BYOD system to help keep company data, and other employees, safe. When employees know what kinds of rules and boundaries there are with their laptops or mobile devices, it helps everyone stay secure and keeps data safe.
What devices will be permitted? The first step to creating a successful policy associated with BYOD is to establish what devices will be allowed in the workplace. This list should be detailed and give information about device types, models, operating systems, and more. This list should also include what kind of chargers, headphones, or plugs are allowed to go into company computers or devices. This will help employees understand exactly which items they can bring into the office. Many BYOD policies will require that employees have devices inspected or checked out before they connect to the network or access company information, so be sure to list those requirements in your policy for BYOD.
Acceptable uses. Your organization will need to determine what employees can use their devices for when they’re in the office or on your organization’s network. Certain websites or apps may not be allowed when you’re on the company internet or during work hours. Your organization may designate a certain amount of time that’s acceptable to check personal email or social media apps, or times when it’s OK to listen to your personal books or music apps. Some organizations have mobile device management systems that check on employees to ensure that personal devices are being used properly during work. All of this should be explained to employees and properly listed in an acceptable use policy.
Reimbursement options. Your policy about BYOD should explain if employees are reimbursed for any percentage of their personal phone. Many employers choose to do this instead of buying corporate devices for their employees. Not all employers decide to reimburse for personal devices, but many do. Since many employees use their personal phones to take work calls while at the office and at home, many organizations find they need to reimburse employees for some or all of their phone plan cost. Your BYOD policy should carefully explain how reimbursements work, and how employees can receive their reimbursement.
Define a service policy. Make sure your employees understand the boundaries for service on their personal devices. What kinds of help can your IT department offer for personal devices? Make it clear if your HelpDesk can give assistance with email, calendaring, company applications, and more. When your employees understand the boundaries they will know when they can reach out for help about their device and when they shouldn’t.
Security. Many organizations require password protection for devices that are brought into the office. It’s valuable to have a security policy that helps users understand how they can safely utilize the VPN and network. The company VPN and network should also be password protected, with users signing agreements to not reveal or share passwords. Organizations sometimes have mobile device management systems that help them ensure employees are using proper security with their personal devices. The right security policies can help keep data secure and ensure that users don’t accidentally cause problems with devices.
Who will own apps and data? Be sure that employees understand how to back up their personal devices so that their data doesn’t get lost in the event that a phone gets erased or needs to be wiped. Your BYOD policy should make it clear that the organization asserts the right to wipe devices brought onto the network, as well as give them information on how they can save their private data elsewhere in case that does happen. This will help cover bases and make sure your employees are prepared for what it means to bring their device into the office.
Pros. There are many pros for BYOD policies including:
Increases security. BYOD policies help organizations keep their data and devices safe from malicious and accidental cyber threats.
Lowers costs. When employees utilize their own devices, the organization doesn’t have to pay as much to purchase or maintain them. Companies can save lots of money by allowing employees to bring their own devices instead of purchasing new ones for them.
Improves efficiency. When employees are able to utilize their own devices, they can work from home on sick days or take meetings later in the evening away from the office. This improves the efficiency of the entire organization.
Boosts morale. When employees are able to use their own devices they feel more in control of their work day. They appreciate the ability they have to use their own devices and access their personal music, email, and calendar during the workday.
Cons. There are some cons to BYOD policies that organizations need to consider.
Loss of privacy. Employees may be concerned that when they bring their device to work and agree to log in to the organization’s network, their privacy is compromised.
Security. Similarly, employers may worry that allowing employees to bring their own devices into the office can compromise their security, with lots of devices connecting to their network and systems.
Legal issues. When personal devices are brought into work, employees have opportunities to harass or defame their organization. This can be through pictures, recordings, social media, and more.
Productivity. Sometimes personal devices can distract workers from their tasks, and can end up creating problems for productivity.
Nonexempt workers. Nonexempt workers that use personal devices to connect to work could go over their hours by using their personal device. Employers need to be wary of this so they don’t face legal issues.
Technology is a regular part of daily life today, and that includes work life. As technology becomes more prevalent, organizations will need to work to increase their security for tech, both for employees and the company itself. Cybersecurity professionals are vital for organizations to establish safe technology practices. Cybersecurity and other IT professionals can help an organization establish standards for their BYOD policy as well as set up the systems to monitor personal devices, help employees troubleshoot, and more. If you’re interested in being the IT professional that helps an organization establish these tech policies, get your degree at WGU today.