Businesses and companies continue to debate the pros and cons of bring your own device (BYOD) strategies. On one hand, businesses like the fact that it can potentially reduce the cost of hardware and software for the company by allowing employees to use their own personal devices while working. In addition, many employees appreciate the additional freedom of being able to use their own phone or computer at work which may lead to additional productivity.
However, not all employers are excited about a “bring your own device policy.” Those who oppose using these strategies often cite concerns about the security risks or the fact that their company IT infrastructure will not integrate well with “bring your own technology” policies. This leads to the big question… is it even possible to stop employees from bringing and using their own devices at work?
This is a trend that is only getting stronger. Locally in the Washington, D.C. metro area, bring and use your own technology policies are especially popular. But before you allow employees to use their personal devices at work, it’s important to implement a strong, carefully crafted policy in place to protect both the company and your employees from security threats and other technological challenges.
Many of the risks associated with BYOD can be minimized with careful planning and strict company policies. Below are a few tips to help you create a strong BYOD policy:
Establish clear security guidelines: Even though employees might be using their personal phones and other devices, they must learn to treat these devices differently once they are being used for business purposes. Despite all the warnings, even today many people resist using passcodes and screen locks because it reduces convenient access to their devices and content. It must be made clear in your BYOD policy that all devices must utilize security barriers. To avoid any confusion, make it explicitly clear which security measures you will require for which devices.
Develop a strong password policy: This does not mean that all of your employees will use the same password to secure their devices. It simply means that all of your employees must understand how to create a strong password. We recommend that you require regularly scheduled password changes. In addition to requiring regular changes, it is wise to implement other rules regarding passwords. These can include stipulations such as all passwords must be of at least a certain length, contain at least one letter, one number, one uppercase letter, a symbol or any other specific requirements. Your employees may not be happy about these requirements, but they will soon grow into the routine and will make your company’s system more secure.
Specify which devices may be used: In today’s technologically advanced world, “personal device” can refer to many different items: tablets, phones, personal computers, iPhones, Androids, even the iWatch, etc. If you do not specify which types of devices are acceptable for your BYOD policy, you may find yourself facing challenges regarding security and day-to-day operations. If you are going to be using a mixture of company devices and personal devices, or if employees need to download software, it will be important for everyone to have compatible devices. When developing your company policy, include a list of acceptable devices.
Create a policy regarding acceptable applications: Once your employees have confidential data on their devices, they must approach applications differently. Not all applications have stringent security measures in place, and some will pull information from the device’s memory or from other applications. It is important to have a policy in place regarding apps that are acceptable and apps that are banned. It may be necessary to require that employees request permission before downloading any new applications onto their personal devices if they are using them at work.
Develop a strategy to deal with employees leaving the company: BYOD policies become problematic when an employee leaves your company. Your policy must indicate that an employee agrees to have all business and company information as well as applications removed from the device before separation. Make sure you Incorporate safe device wiping procedures with other employee exit tasks such as an exit interview. Your BYOD agreement may stipulate that this data wipe must take place within a specific number of days of the resignation.
BYOD plans and policies should be as unique as the organization implementing them. Following these tips will allow you to reap the advantages of BYOD while combatting any associated risks.
Prudential Associates was founded by former Army Intelligence Officer Robert Miller in 1972, who began serving the local legal community as an investigative, surveillance, and intelligence resource.
Prudential Associates has expanded its service footprint geographically and added over 70 extremely valuable staff members and experts; our consulting and service operations have taken place in thousands of locations on nearly every continent. To date we have achieved recognition as the premier resource for clients in sectors such as: television and movie production; maritime services and shipping; large event/concert planning & security; pharmaceutical production; shipping and logistics; human capital management; and, perhaps most notably, in the legal service industry, given our highly distinguished investigative, surveillance, and digital forensics expertise.
Our in-house computer and cell phone forensics lab rivals or exceeds the capabilities of over 90% of the law enforcement labs in the United States, as well as over 99% of those overseas.
For a greater insight into our experience, expertise, and operational history, please see our Corporate Resume.