The Risks and Rewards of Bring Your Own Device Policies
A year ago when I left the company I was working for and moved to my first company with a Bring Your Own Device (BYOD) policy, I thought it was a pretty revolutionary freedom. Today, I don’t know too many companies that don’t allow BYOD practices in some way or another.
CIO recently referred to a report from CompTIA that states that it’s today’s younger workers who are responsible for the shift in BYOD’s acceptance worldwide. “Nearly two-thirds of millennials use a personal device at work compared with just a third of Baby Boomers,” the article states.
The benefits of implementing BYOD extend to more than just employees who don’t have to leave their tablets and phones in their desks all day; there are many benefits for employers as well. The New York Law Journal details how, when BYOD is done right, everyone wins:
For employees, these types of policies are desirable because they cut back on the number of devices that employees must carry and check and also allow employees to choose which device and/or operating system is most comfortable for them and most conducive to their work. Such policies also can result in cost savings for the employee if the employer provides a technology allowance or covers a portion of the service costs that an employee would have incurred anyway in procuring and maintaining a personal device.
Employers can realize significant savings as the costs of providing a technology allowance or paying a portion of service costs are likely to be significantly less than the hardware and service costs of providing a separate company-issued device.
But what about when BYOD is done wrong? This is usually caused by a lack of security policies in place or having policies but failing to monitor them closely. CSO references a recent study from Acronis and the Ponemon Institute:
About 60 percent of organizations acknowledged they either don't have a policy that specifies how employees may use their own devices in the workplace (41 percent) or are just planning to write such a policy.
Hunter Hoffmann, the head of US Communications at Hiscox, a specialist insurer, recently spoke with us regarding some easy steps that companies can take to get BYOD off on the right foot. Hoffmann suggests:
- Password protection for devices and requiring that those devices are updated regularly
- Making sure that data going out from employees’ devices is encrypted
- Data protection and cyber security insurance
- Early notification of any device that is lost or stolen so action can be taken immediately
- GPS tracking on all devices
- Ability to remotely wipe the data from any device that goes missing
It’s always a risk to allow employees to take sensitive information out of the workplace on devices that are so easily compromised, but protecting that data can be done just as easily.
If your company has a BYOD policy, do you have any other suggestions to ensure its safety and success? Tell me in the Comment section below.