In a mobile world, the flexibility of working in a multitude of environments--office, home, remote location, and on site--isn't just a perk. It's becoming a vital way to remain competitive and innovative as a company with a commercial work space. However, allowing your employees to work from anywhere comes with a price. Smartphones, tablets, and laptops are great for portability, but for many small- and medium-sized businesses, the cost to provide each employee with company-issued electronics is prohibitive.
It seems the answer is simple: let your employees bring their own devices. This movement of BYOD (Bring Your Own Device) has become the norm across many offices and has majorly influenced activity-based working office design.
But how do you protect your data and IT infrastructure when devices accessing your network are not entirely in your control?
Know the Risks of BYOD
Lost or stolen device. By their nature, devices are light and portable. Phones fit in pockets and purses, and tablets and laptops can be carried everywhere in a briefcase or laptop bag. Their very portability makes them easy to leave behind or become quick targets to steal. Once out of your employee's hands, not even encrypted data or device-locking passwords can keep experienced hackers out.
Employees leaving the company. If the departure is abrupt, such as when an employee resigns immediately and doesn't return to work, not having access to the physical device makes it difficult to wipe company information from the person's personal electronics. This leaves the door open for unauthorized future access to proprietary software and company data.
Lack of security updates. Not everyone is an IT specialist, and updates happen so frequently--especially on smartphones--your employees don't always keep up-to-date with the latest anti-virus or firewall updates. A poorly updated device can make hacking much easier and leave a company's data vulnerable.
Unsecured wi-fi. The nature of working from anywhere means employees can and do access unsecured networks to get the job done. Coffee shops, airports, or even their own homes give a portal for hackers to access company information through unsecured wi-fi networks. Once they're in through an unsecured network, they can piggyback into your company data to their heart's content.
How to Make BYOD Rewarding and Effective In Your Office
There are ample reasons to institute a BYOD policy despite the risks. One: employees are most familiar with their own belongings, so there's virtually no learning curve when they go mobile. Two: their productivity can skyrocket. If, while waiting for their morning coffee, they can shoot off a few emails, that's time back in the company pocket. Three, with electronic-savvy workers, they can supplement your access to up-and-coming technology by keeping up with the latest trends themselves.
Get Clear on Policies and Processes:
- Have a clear conduct policy with regards to personal devices. This can range from how much monitoring your IT department is allowed to have over their device, which contains their personal information, as well to when and where using the device is appropriate. In a business meeting, having such immediate access to a phone can be a distraction, not a benefit.
- Be clear what sort of devices are appropriate. Part of the benefit is letting the employee choose, but prohibiting jail-broken devices or certain apps that compromise security should be made immediately apparent in any BYOD policy.
- Set boundaries. Many employees are uncomfortable with their employers having access to much personal data, a ton of which is stored in their phone--location, personal photos, call logs, and contacts, just to name a few. Setting your employees' minds at ease about what is and isn't appropriate access by the company can go a long way toward making the device usage comfortable for all involved.
- When personal devices are used, designate how expense reimbursement will work. Whether that means tracking business usage or prorating only a portion of the user's monthly cell phone or internet bill, keep the details transparent so there are no surprised. This is especially important with employees traveling internationally for business.
Protection Goes Both Ways
With 73% of internet consumption in 2018 coming from mobile devices, security surrounding their business usage is more crucial than ever. Some things to consider are:
- Setting up a virtual desktop infrastructure (VDI) or mobile device management protocol to ringfence the company data from personal data. Private cloud storage is also a viable option. This ensures not only is the company-owned information protected from outside access, it keeps the employee's personal data private.
- Requiring strong passwords, time-out locking, certain company-provided anti-virus and protective software, and setting up protocols for reporting a lost or stolen device right away. Encouraging regular backups can also help.
- Transparency about company access and monitoring of employee devices. When an employee leaves the company or transfers to a department where their permissions change, there will be no surprises about what does and doesn't get wiped from the employee's device. Before allowing access to the company data, be sure all parties, including management and IT, are explicitly clear on the policy rules. If there's crossover between company access into personal data, state how the company will protect that personal information, and within what limits that protection is expressly stated.
- Considering cyber liability insurance. Sometimes, no matter how secure a device or network is, hackers can get through. Knowing your legal rights and responsibilities, as well as ensuring any breaches can be handled within state and industry regulations, you can be assured you and your employees are covered in the event of a threat.
Business turns on a dime, and as such, the more mobile and flexible your employees, the better they can maintain a competitive edge in your industry. While there are definitely security considerations to be made, a solid BYOD policy can not only save your company money and time, it can make for a more dependable workforce your clients and customers can rely on.