Bring Your Own Device (BYOD) program has its own advantages and disadvantages. This article, the first in the three article series – talks about the good and bad of BYOD. The other two articles work to create a proper BYOD policy and find out mistakes to avoid while implementing it. Before proceeding to talk about the benefits of BYOD and its negatives, let us check out how the system is implemented.
What is Bring Your Own Device or BYOD
Bring Your Own Device system has been around for a while and is gaining momentum as more and more businesses opt for the system. Under the BYOD structure, employees use mobile devices that allow them to:
- Use the same device for personal and office use
- Work from anywhere
I can classify BYOD into two distinct categories: (a) the first one is where companies allow usage of employee-owned devices and (b) the second one where companies buy mobile devices for the employees. In each case, the implementation will differ slightly. For example, if the company is providing the device, it probably will block installations of things that are distracting: Angry Birds, for example. Also, the company may use secret software to see what you have been doing on the device. Of course, they will allow private use of the devices but that will be a little restricted.
Simply put, BYOD is a system where employees carry a mobile device that they can use to work from anywhere (using the office VPN in most cases).
The first thing that comes to mind when talking about BYOD, is cost savings in different forms. In most cases, we assume you already own a mobile device and your company reconfigures it for business use. If that is the case, the business saves on buying the devices.
As of now, the practice of using employees’ existing devices is not much implemented. Rather, companies themselves buy the mobile devices, configure it and give them to the employees – in which case, the employees benefit in the following two ways:
- They connect to the Internet using the office VPN thereby saving on the Internet costs;
- They can work from anywhere using the same device for both business and personal uses. This relieves them from carrying more than one mobile device for personal use. Issues will arise here that might irk employees. We will talk about these issues in the negatives of using the BYOD system in businesses.
Since the employees can work from anywhere, the overall productivity increases. Employees who might not make it to the office due to bad weather or traffic, can work from home or anywhere else. This saves on employees’ absence that would otherwise lead to delay in projects. In case an employee needs to leave the office early, they can later cover the pending work. For example, if an employee has an appointment, s/he can leave early, meet the doctor, go home and work from there to complete the day’s targets.
BYOD also serves as a selling point. People prefer to work with companies that allow a single mobile device for both business and personal uses. If it is the traditional workplace, people may not be allowed to take their personal devices inside the office. I have seen workplaces where they do not allow even employees’ cellphones inside. That, compared to being able to use a single device for both personal and business work, is a big turn-off. In other words, companies with a solid BYOD system in place tend to attract better employees.
Again, the first one is the cost factor. Unless the company believes in allowing employees’ existing devices for business, they will be spending money on buying the equipment. Add to it, the usage of the Internet for personal purposes will only increase the spending. Still, because there are other benefits attached such as mobility and better productivity, most companies are shifting to BYOD systems.
For the employee, the turn-offs could be restrictions placed on the device. I am yet to come across any employee who says organizations prohibit personal installations in the BYOD atmosphere. Still, the organization’s policy might go to the extent of saying NO to games and certain websites.
Another cause of concern for employees is their privacy. If they use Facebook, Twitter, or something similar, the company may be able to know the login credentials. Personally, I do not believe corporate houses will go that far on snooping but the possibilities exist. Another aspect is recording or logging employee actions on the device that may give out information they won’t want to share with anyone. An example could be using the device to download a pirated movie.
The most argued concern or the negatives of BYOD systems is the security of the company’s data. Of course, the employees can access only a part of it but that part might still be enough to give out important information to others – knowingly or unconsciously. There should be a proper policy as to what the employees can share with others as well as a good exit policy: to be implemented when the employee leaves the company. A good option would be to transfer all the business data to another computer and shred the data files from the employees’ devices.
Bring Your Own Device Policy
To make BYOD successful, you should have a good BYOD policy in place. There is no such thing as the perfect BYOD policy. You just keep on making changes to the policy – as technology progresses – to keep the data secure.
#1 Educate the Employees
If you are considering BYOD implementation or have already implemented it, take time to make the employees understand the system is for convenience to both the employee and employer. You need to tell them how to keep the device protected with the latest updates and patches for the operating system and hardware they are using on their mobile devices. You need to tell them about the possibility of data leaks and how it can ruin the organization’s efforts. You need to make it clear that privacy of an organization’s data cannot be compromised.
#2 What all Platforms To Allow
You cannot let users select just about any platform. If your organizations cannot run on any specific operating system such as iOS, you have to tell your employees that people opting for iOS cannot participate in the BYOD program.
In a better method, you can give them a list of two three platforms that are acceptable and are good enough to provide for both the organization and employees. That would bring in some consistency so that you do not have to hire additional IT people to troubleshoot the devices.
#3 Non-Disclosure Agreement
Make the employees sign an NDA to an effect where they cannot share company data with any third party. Make them aware of social engineering and teach them methods to keep the data under lock.
#4 Logging & Responsibility
This is important even if the employees object. Logging the events can help you identify if any employee has been engaging in illegal activities such as downloading pirated movies. In this case, you also need to tell the employees that they will be responsible if anyone claims damages and not the organization. This clause is important as people often revert to cheaper methods for something or the other. And since it is the employee using the device and because it was the employee who went ahead to, say, download a pirated movie, the organization will not be charged with any offense.
#5 Tracking and Remote Deletion of Data
Another important aspect when creating a good BYOD policy, tracking the mobile device is more for the safety of the organization’s data and NOT to know what the employee is up to. The mobile device needs to be equipped with some sort of application that allows remote deletion of HDD. This is helpful when:
- An employee loses the device
- An employee leaves the job and moves on to a rival organization
The possibility of an irked employee giving away information deliberately exists, and the NDA agreement should be able to take care of that. Keep the damage claims a little higher to prevent the deliberate sharing of data.
Among other measures that help you to formulate a proper BYOD policy, are
- Registering the MAC addresses of devices – This helps in blocking illegal connections to the corporate network
- Auditing the Network – Check the network for any possible vulnerabilities and keep a check on the number of devices connecting to it. This way, you will be able to know if any unauthorized devices attempt a connection.
- Create a company cloud so that users who are working remotely can store things to the common shared space instead of plugging into your network again and again. That will reduce the chances of a security breach by a significant percentage. It can be anything that allows storage, collaboration, and encryption.
BYOD Solutions & Mistakes
#1 Employee Education
Get a person who knows the ins and outs of BYOD: the security issues, compatibility issues and most important of them all – the social engineering part. It would be a good idea if you can provide each employee with a handbook of your BYOD policy along with details of the person to contact in case of problems. You can use multimedia content to illustrate possible threats (presentations, videos, etc.) so that every employee understands the policy.
You have to keep them reminding. One-Time-Training would not suffice. You can actually create training sessions under the name of “Feedback & Needs of BYOD Employees”. You can stress the important points and ask for feedback/problems the employees are facing in the system. That will serve two purposes – you get to replug the basic but important points of the policy and you can use the feedback to improve and make it one of the best BYOD solutions.
#2 Restricting BYOD To Certain Device Models
We all know the mobile market that keeps on changing fast. Newer models come out too frequently and employees would want to buy a better device. But if the organizations’ applications do not run on the new model, the employees may be frustrated. One option is to create apps that make use of cloud-like Azure and Microsoft 365 that will run on almost all types of models. Using and implementing generic apps like Dropbox, OneDrive, etc. for remote storage and real-time collaboration will give a boost to your BYOD policy.
If you want the employees to use apps designed by the business IT department, make sure the apps are compatible with all major devices (operating systems) available for mobile devices. Thus, you will be offering facilities that can run on almost any device model rather than restrict them to certain device models even though they are craving for that new Windows phone released with much fanfare.
#3 Don’t Forget Migrating Process
When the above method of using generic apps, it is not much difficult to migrate from the older device to the new one. Still, include something that helps in transferring data to newer devices (if stored locally) and then wiping out the previous device. More than often, people keep their old devices casually (unprotected) and some might try to sell them away. In both cases, you have to get the business data erased before they are picked up by someone outside the organization.
#4 Not Including Erase Clause Is a Huge Mistake
While point 3 talked about old devices, this point is related to new devices. It will be hard to get employees to agree on the point. Tell them it is for their own benefit. If they misplace the device or move to another company, your IT department should be able to remotely wipe out the data on employees’ devices.
You can’t simply go ahead and wipe out data as the employee may knock courts. This possibility makes it necessary to include the clause in the BYOD agreement so that even if you erase the data remotely, you are not to be held responsible.
#5 Responsibility For Illegal Usage
There should be a clear policy that absolves the organization if the employee uses his/her device for illegal downloads etc.
#6 Forgetting About Upgrades
It is a known fact that technology keeps on evolving. Accordingly, your IT department needs to make their apps and other things compatible with the newer technology for smooth and protected processes. The mobile devices’ hardware and operating system may too get obsolete in a way that the organizational apps might not run properly on the existing devices.
The best BYOD solutions include a clause that forces employees to upgrade their mobile devices when technology demands better hardware or operating system. If the employees can’t upgrade due to financial problems, the organization can offer them a compatible device or better still, offer them a loan to buy the latest technology. This will make employees happy and loyal. This translates to better production.
The above are some critical mistakes I could identify in implementing a good BYOD policy. If you think I missed anything, please comment and share with us.
Now read: What is Bring Your Own Network or BYON?