BYOD is popular because it lets workers use the devices they prefer and make them most productive
But BYOD means the phone I use to track bike rides is also the one I use to call clients, correspond with suppliers and store some work-related documents. And, of course, that phone also has the stuff you’d expect on anyone’s personal device: texts to friends, personal emails, photos of my kids, banking apps and so on.
This is where BYOD gets a little messy, because what would happen if I left that phone – and all those work-related emails, documents and details stored on it – in a cafe after a ride? And what if my boss and I had a dispute and, before kicking me out the door with all of my personal possessions in a box, she decided to wipe all of the business information from my phone, taking my family photos with it?
The good news is that employers can easily deal with these issues through a combination of policy and technology.
To make BYOD work for your organisation, set two baselines: what data can be accessed and stored on a BYO device and minimum tech specifications.
Outlining in writing what data you and a worker can access and retain on a BYO device avoids future disputes about what an employer can reasonably expect to access, delete or retrieve from a device, for example, family photos. It can also confirm if an employee can keep professional contacts, made as part of the job and stored on their own device, when they leave the business.
Having minimum tech specifications for BYO devices is important because not every device runs the latest and most secure software and not every person is diligent about installing each new update or security patch.
Along with minimum tech specifications, have some minimum guidelines about software updates, too. Creating rules around ‘patches’ (timely software updates created to respond to potential security issues) will help keep BYO equipment safe.
So, instead of risking an employee bringing in a clunky old laptop, riddled with malware and security vulnerabilities, you can insist that any personal device must meet minimum standards before it can access your business systems
The fact that some software won’t run on old devices is also an issue. If an employee’s phone can’t run an application needed to do the job, they can’t use it as their work phone. Outlining in the first place the minimum specs required means both you and the worker are spared an unnecessary moment of friction.
Need help protecting your business online?
Telstra Business Cyber Security Services offers 24/7 support and more.Find out moreNeed help protecting your business online?
Insist on security
Security policies are another must-have in a BYOD policy.
It should start with making a strong password mandatory (we discuss password managers in this article). Strong passwords mean devices are harder to crack if they are lost or stolen.
You can insist on encryption, too, so that the files on laptops cannot be read without the appropriate password. Windows (BitLocker) and Mac OS (File Vault) both have this feature, as do iPhones and Android devices.
Also provide security software, with automatic updates, to your team. The policy should make it plain that your employees must install any patches from software vendors whenever they become available. And, if possible, you should monitor BYO devices for non-compliant software and force users to update.
Monitor and segment
Although that last recommendation may sound like a hard ask, you can monitor BYO devices of all types with an emerging class of tool called enterprise mobility management (EMM) or mobile device management (MDM).
Both EMM and MDM tools can be driven from a website and allow you to manage multiple aspects of a device’s operations, and they’re another reason why you need clear policies around data access for BYO devices. Defining these policies before you shop for EMM or MDM tools will help you make the right choice and set the right expectations for staff.
Some EMM and MDM tools let you define segments inside a device, each accessible with different passwords – this helps staff separate work and play. Segmentation of this sort means that work files and applications will only ever reside in the work-defined segment of a device. If an employee leaves a job, that work-defined segment of the device will just disappear.
Setting sensible policies and backing them with BYOD management tools will help to keep staff happy, working productively with the devices they prefer while doing so in a secure environment you control.
Originally published April 5th 2017. Updated May 1st 2019.