Bring Your Own Device or BYOD is a growing mobility trend, which allows employees to “bring their own devices,” to use for work purposes and to access company information. Allowing employees to bring and use their own smartphones and tablets can be a good thing, but it can also pose a risk to the company. Let’s explore…
First, why do companies initiate and/or permit BYOD?
Some companies implement a BYOD option to save money. Smaller companies with smaller budgets see this as an opportunity to lessen equipment expenses, but still increase productivity and provide flexibility. If they can reallocate some of their hardware budget and use it for software, they could improve systems rather than outfit employees with Blackberrys and iPhones. Also, if employees have mobile devices and want to work from off-site locations (and in this day and age, that’s huge), why not let them?
This leads to companies that sometimes deploy this option as more of an HR strategy – as part of a company morale and employee satisfaction initiative. Through BYOD, employees aren’t burdened with carrying multiple devices, and can ultimately work “after-hours” since they have access to what they need through their mobile devices. It also provides a sense of empowerment and doesn’t require employees to learn new devices, but to use what makes them feel most comfortable.
The BYOD option can also focus on productivity, and by allowing employees to BYOD, it could result in shorter process times with quicker turnaround since access can be from anywhere at any time. Employees might enjoy this sense of “freedom,” which doesn’t keep them tied to their desk at lunch or after office hours.
So all this sounds good, but what are the potential downsides?
For one, BYOD might not actually save money. When looking into how this will affect the bottomline, there are many considerations in the cost analysis, which can sometimes be overlooked:
1. Who will write your acceptable use policies and agreements? When asking employees to get on board with the initiative, they must agree to specific terms that will help to regulate activities and explain how information can be protected. Since this trend also blurs the line between personal and company life, it is important to differentiate who owns specific information and what will happen to the information and device in various scenarios (ie. employees leaves, employee is terminated, etc.).
2. What is the projected IT support cost? Users will expect comprehensive IT support during the installation of specific programs and other security measures, and during implementation. Internal IT teams need to widen their skills and understand the risks and troubleshooting on a variety of devices and adapt accordingly – don’t overlook this expense.
3. What will the security cost be? To address the most pressing issue of protection, companies can purchase BYOD solutions, which can be a great solution to finding the balance, however this is a cost involved. Companies might also look into creating proprietary enterprise applications, which could provide more security than allowing browser access to certain virtual workspaces.
So if all the reasons point to BYOD as a positive solution, what are some best practices?
1. Look to the procurement process and provide a list of approved devices. Just because it is BYOD, it doesn’t have to be bring any of your own devices. By adding a restriction on devices, it will be easier to adopt specific protection and IT solutions.
2. Expand the capacity and knowledge of the IT staff to ensure employees will be well-educated and will be provided quick and efficient solutions when they experience troubleshooting and device issues. This can even include providing an online wiki moderated by the IT department that addresses some FAQs.
3. Review security options. Your best option might be a customized software solution or an enterprise application – both which can provide added protection – or you might simply add a lock-and-delete policy for stolen/lost devices and require all devices be secured through a constantly changing password lock.
4. Initiate an internal communications program to educate, train and present risks to all employees. It is so important to ensure employees are not only accepting of the policy, but that they understand exactly what they are agreeing with when opting into the program. Explain what happens if their device is stolen, broken and/or they download malicious software. The better informed employees are, the more likely they will strive to comply and serve as a barrier to information exposure.
As Brian Katz of Sanofi points out, “Security is the main concern. BYOD can absolutely be done and it can really work, but it has to be done correctly and for the right reasons. Once the goals are in place, the strategies, solutions and security measures can follow accordingly.” So in short, a well-created and executed BYOD program can lead to higher employee satisfaction and productivity, while still protecting company information.