Client Login

BYOD – Time to Face Reality and Create Policy

In 2013, the mobile phone user rate in the United States was at 78%. If you don’t have a BYOD (Bring Your Own Device) policy already in place, now is the time to get started. Chances are, almost all of your employees have a smartphone and want to use it for business purposes.

Eight “must haves” to include as part of your BYOD Policy in the employee handbook:

1. Specify What Devices Are Permitted Under BYOD

Will you limit devices to a specific type of device (phones, tablets, personal laptops) or operating system (i.e. Android or IOS)? You don’t need to specify each individual model or device (there are too many of them), but addressing these general categories will clearly spell out what you mean by “your device”.

2. Specify Security Rules/Requirements for the device 

Companies often have stringent password rules and requirements for on premise desktops and laptops, so why not extend those rules for these devices?

The issue – A survey conducted by Sophos found that 67% Percent of Consumers Don’t Have Password Protection on Their Mobile Phones. This means you’ll need to document that BYOD participants must implement a stringent password system equal to your corporate equipment policy, to protect sensitive data. You should also specify how this policy will be enforced, and the consequences for not following device policy.

3. What Services Will You Provide Under BYOD

One of the biggest headaches of a BYOD policy surrounds service. Consider:

  • Who will setup the capability on the employee’s device
  • Who will provide service?
  • What are the limits of service? (i.e. connection to email, cloud-based corporate apps)
  • What is the escalation procedure for a lost or stolen phone?

These items need to be addressed so that you set the proper expectations, create boundaries and limit the drain on corporate resources to only the necessary functions.

4. Ownership  

It is important to specify that the employee owns the device, but the company “owns”the data, attachments and business applications on the phone. It is even more important that you document what will happen to the device when an employee separates from the company. Typically, companies reserve the right to erase all of the data and business related apps on the device, but this needs to be clearly spelled out in your Bring Your Own Device policy.

 5. Banned Applications

Applications downloaded to devices may have security holes and pose a risk for company data on the device. However, it might be difficult to restrict employees from using social media and other popular apps (see Top 25 mobile apps) on their phones. Some companies restrict specific games or types of games that are known to be associated with viruses (i.e. on-line gambling apps) to limit risk.

6. Usage Under BYOD

In general, the usage policy for mobile devices should closely relate to your usage polices for in-the office behavior. This might include banned sites, policy on sending pictures through your network, and other rules to limit risk.

Also – will you reimburse employees for text and air time charges?  Will you allow them to submit expenses reports for charges or expect them to absorb charges? This will need to be specified.

7. Exit Stage Left – Terminations and BYOD

Employees do not stay forever. You’ll need to stipulate what happens when then separate from the company as part of the exit process. This might include items such as deleting business apps from the device, deleting the email or VPN connections and other items. Consider adding a clause to review the device to make sure you have not missed anything.

Some companies insist on wiping the device, but remember that employees will have personal information (contacts, texts, photos and paid apps) on the device, which they own. Consider procedures to assist the employee with saving personal information.

8. You Wrote It – You Own It

Your policy is not a one-time paragraph and then forgotten. Technology changes rapidly, so someone or group in the organization needs to monitor capabilities, routinely review the policy, support new and existing users, review devices and enforce policies. May sure you define monitoring and enforcement policies and do spot checking so that you protect the company.

New tools now exist to assist companies with managing the mixed use of personal and business on a mobile device. There are two approaches:

Mobile device management (MDM) tools tend to be very conservative when it comes to managing corporate resources on users’ phones, with policies often applying to the entire device, including both personal and professional apps and data. Your users may not be willing to give up control of their smartphones in exchange for receiving access to corporate apps and data however.

A new emerging area is containerization – a class of management tools that carve out a separate, encrypted zone or policy bubble on the user’s smartphone within which some corporate apps and data can reside. In this way, policy controls apply only to what’s in the container, rather than to the entire device. Companies are favoring containerization tools because the use of traditional MDM tools could be a liability issue – interfering with the users’ ability to access their personal apps and data.

For further details on the differences:

Best BYOD management: Containment is your friend

Main Advantages to a BYOD Policy

  • Staying connected; Staying competitive

Employees who have these phones want to use them. They catch up on news, read blog posts, check stock prices, post comments and do a wide range of both personal and business activities. The most common business purpose is to check emails, and read attached documents.

Our technology-driven, always connected culture demands access to business emails before, during and after business hours. Immediate communications and faster decision making are vital to help your company stay competitive.

Note that if you allow Part-time, hourly employees to review emails outside of work, that’s considered “work” and needs to be paid.  Therefore, you might want to restrict your Bring Your Own Device policy to cover full-time, exempt employees only.

  • Enhanced productivity

There are tremendous productivity gains to be realized when you allow employees to use their smartphones in conjunction with some of your business processes.

Besides email, employees may want to look at paystubs, enter work hours (clock in and out), request time off or look at a company holiday calendar without calling the HR department. They want to be productive – and you should let them! Advanced Human Capital Management (HCM) solutions, like iSolved, let employees perform many of these items quickly and easily.

Is BYOD a Boon or Disaster for Companies?

Many companies will hotly debate this, but the reality is that it must be dealt with before you run into problems.