Got BYOD? Then your small business needs a rock solid BYOD policy.
Friday, July 6, 2012 • 7:01pm
Recently I have been involved in a series of conversations about BYOD and thought I would share my takeaways with you.
A Short History of BYOD
Simply put, it stands for Bring Your Own Device. It started in the old days – you know, way back before Smart Phones – when some companies allowed employees to use their home PC or laptop to access corporate resources such as email and file servers. What they found was that this was a very bad policy. User devices were usually not that well maintained. Passwords were weak, antivirus software was out of date and companies were unable to protect their assets from these threats. As a result, smart business owners abandoned the policy.
Flash forward to today and organizations are faced with a whole new, yet similar, threat – Smart Phones. Yes, I said threat. The use of a personal device which a company has no control over is a threat. But the reality is that organizations of all sizes are allowing users to BYOD.
Pros of BYOD
The most obvious benefit of BYOD is cost savings – the cost of the technology is moved from your company to the user. Consider it – the company is no longer spending money on hardware and nearly all of the maintenance, support and upgrades are handled by the user and their cell provider. This can add up to a significant savings.
Add to this user satisfaction. If users are allowed to bring their own devices, they’ll generally be more satisfied with the systems they’re using because they’ve made the choice to buy that particular device.
Cons of BYOD
Of course there is a downside to BYOD. The biggest disadvantage of BYOD is that you’ll lose control of the hardware. Users can add software as they please, some of which may pose a security risk. You won’t be able to enforce the use of a password and, as a result, if an unprotected phone is lost or stolen any company data stored on it is at risk.
Another major issue to overcome is usage policies. As employees will be using their own device it will be harder to tell them what is considered acceptable use.
And then consider what happens when an employee leaves your company? If they’ve been using their own device it can be a chore to get the data back, let alone establish who owns the data in the first place.
So What Do I Do?
First decide whether you will allow a BYOD environment. If you choose not to then you will need to ensure that corporate resources are unavailable to devices that are not company issued. Depending on your infrastructure there are several ways to do this and each has its own considerations.
If you DO embrace BYOD then here are a few things you need to do.
- Create a BYOD policy that clearly states your expectations and has a usage policy regarding network and data.
- Include things such as data ownership, employee termination and device wiping.
- Include backup, password and security requirements.
- Communicate this policy to all employees.
- Have employees sign a copy of the policy agreeing to its terms.
- Incorporate data ownership and device wiping into your employee exit procedure.
You should also consider some technological solutions to assist in enforcing your policy and manage these devices. MDM (Mobile Device Management) software and solutions are just now starting to catch up with the market and can add real benefits to your written BYOD policy such as:
- Lost or stolen devices can be tracked, locked and wiped
- Password usage can be enforced.
- Access to unsecured wireless networks can be blocked.
- Show devices that have been tampered with and more.
Additionally, MDM software can be used to remotely configure a device, install software and provide the end user with remote support.
Policy and Practice
Whether to allow BYOD or not is a choice you're going to have to make for yourself. Each has benefits, problems and associated costs. You will have to decide what best serves your business. Since BYOD has already been widely adopted by the SMB community and continues to gain ground the real question may be "how am I going to deal with it?"
With a good, comprehensive and well communicated BYOD policy in addition to MDM software to help enforce the policy, you can limit your exposure to the risks inherent with the use of personal devices for company business.
About David Mitchell
During work hours David is the President of Plenary Technology, an IT Services company in New Jersey that helps small businesses save money by reducing down time. Off hours he spends as much time as possible romping thru the woods with his dog, Maggie