6 Tips For Establishing a BYOD Policy
Before we even consider the 6 tips for establishing a BYOD policy, why should companies consider letting their employees bring their own personal devices to work?
- Some studies show productivity gains by employees using their own devices.
- Many companies are of the opinion that allowing employees to use their own devices at work increases morale.
- One survey indicated that almost half of job seekers viewed an organization more positively if it supports their personal device.
So, if you are considering letting your employees use their own devices and want to address device security, IT service, and application use intelligently, here are a few tips for establishing an effective BYOD policy for your company.
Tip #1: Determine What Devices Are Allowed – And Tell Everyone
Today there are many devices (smartphones, tablets, laptops, etc.) to choose from on several systems — Blackberry, iOS, and Android.
It is important to let your employees know what devices are permitted when you say, “bring your own device.” You might what to say something such as, “Bring your iPhone but not your Blackberry.” Or, “iPads are fine, but not smartphones.” It’s very important to let employees know from the outset what devices you support and what ones you don’t.
Tip #2: Establish a Strong Security Policy (and enforce it!)
BYOD employees are often hesitant about having passwords or lock screens on their own devices. However, they should be aware that the company needs to protect its sensitive information — information that their BYOD device would be connected to. Additionally, it’s critical your corporate system have access to swipe-and-go operation on any BYOD devices.
So go ahead…be blunt. Just tell your BYOD users that if they want to be connected to any of your systems, they must accept a complex password attached to their devices — not a “123MyDevice”, “Bond007”, or a 4-digit numerical PIN number. They will need a strong, lengthy alphanumeric password.
Tip #3: Define a Service Policy for BYOD Devices
It’s important for employees to understand what your service and support policy is for BYOD, and to set boundaries. Consider the following:
- What level of support will be available for the initial connection to your network?
- Will you support any applications installed on their personal devices?
- Will Help Desk offer ticketing to solve issues with email, calendaring, and other personal info management applications?
- What if they have a personal app that’s interfering with a corporate approved app? Will you help them solve any conflicts? Or are they on their own?
- Is your support basically a “wipe and reconfigure” operation? Will BYOD users be able to capture any of their own “personal” data if their phone is lost or stolen?
Tip #4: Determine Who Owns What Apps and What Data
Your BYOD policy should make it clear that you assert the absolute right to wipe personal devices brought onto the network if they are lost or stolen? You should provide guidance to your employees on how they can secure their own content and back it up. Backups are important, so that in the event there BYOD device is lost or stolen, they can restore their personal information once their device is replaced. You will also want to make it clear to BYOD users that sometimes it’s impossible to replace personal pictures, music, and applications.
Tip #5: Consider What Apps Will Be Allowed
Should BYOD users be allowed to download, install, and use any application that may present a security or legal risk, such as social media browsing, replacement email applications and VPNs or other remote-access software. Actually, this applies to any device that will connect to your environment, whether corporate- or personal-issued.
For example, what it the latest Facebook app has a security hole that allows spammers to email your entire staff of 5,000 employees? Do you want to allow that one to have access to your network? Jumping from security threats to legal threats — You may also want to include in you BYOD policy an exclusion for any downloads of questionable apps or copyright-infringing music and media.
Note: Employees may balk at this one, but you may want to consider asserting the right to have a manual screening of their device for “illegal” apps.
Tip #6: Create A BYOD Exit Strategy
The average employee is at a company for 2 to 2 1/2 years. What happens your BYOD employees leave the company? How will you enforce the removal of their access tokens, e-mail access, data and any other proprietary applications?
If they were using a corporate-issued phone it would be simple. But BYOD is a bit more complex. Some companies just disable email or synchronization access. However, security-conscious companies will perform a wipe of the BYOD-enabled device.
You may want to have an established methodology for backing up a BYOD user’s personal photos and applications prior to any “exit wipe”. Make it clear to BYOD users from the outset, that the company has the right to issue a wipe command if the BYOD employee leaves the company without checking in with HR or IT first.
If All This BYOD “Stuff” Seems Like a Lot of Work, Consider This:
By the year 2015, there will be over 2 billion smartphones in use across the globe. If you haven’t already established a program to allow your employees to use their own devices to access corporate email, calendar, and other contact systems, you should.
- About half of all respondents in a CISCO survey prefer BYOD over corporate devices.
- 29 percent prefer BYOD even though their companies do not provide corporate devices
- BYOD-ers spend an average $965 purchasing their own personal devices for work and about $650 (per year) on data costs. Most pay for their own equipment and services — saving companies a bundle.
- The trajectory is clear — BYOD is here and growing.
Find Out About: OnPage Pager App For IT Professionals
- Pager Replacement
- Consolidate Devices
- Alert Until Acknowledged
- Reliable, Enterprise Grade
- Group Alert & Escalation Capabilities
- Multiple Methods of Messaging
Check Out: OnPage Features
- 2016 – OnPage Year in Review January 2, 2017
- OnPage brings critical communications to the smartphone age December 29, 2016
- OnPage healthcare alerting December 21, 2016
- OnPage: High and Low Priority December 21, 2016
- With AWS Managed Services, are IT management tools dead? December 20, 2016