Has Your Company Implemented a BYOD Strategy?

Social Media Investigations…What can they find?
July 3, 2017
Digital Forensics: Does My Law Firm Need an Expert?
September 15, 2017
Show all

Has Your Company Implemented a BYOD Strategy?

Businesses and companies continue to debate the pros and cons of bring your own device (BYOD) strategies.  On one hand, businesses like the fact that it can potentially reduce the cost of hardware and software for the company by allowing employees to use their own personal devices while working.  In addition, many employees appreciate the additional freedom of being able to use their own phone or computer at work which may lead to additional productivity.

However, not all employers are excited about a “bring your own device policy.” Those who oppose using these strategies often cite concerns about the security risks or the fact that their company IT infrastructure will not integrate well with “bring your own technology” policies.  This leads to the big question… is it even possible to stop employees from bringing and using their own devices at work?

This is a trend that is only getting stronger.  Locally in the Washington, D.C. metro area, bring and use your own technology policies are especially popular.  But before you allow employees to use their personal devices at work, it’s important to implement a strong, carefully crafted policy in place to protect both the company and your employees from security threats and other technological challenges.

What are the advantages of BYOD?

  • BYOD can save employers money. Employees use devices they already own and are responsible for. This means the organization can cut costs on technology and staffing.
  • Productivity and communication rates have the potential to improve. Employees are comfortable with and adept at using their own phones, tablets or laptops. They can also use them easily anywhere, at home, on vacation or even during sick leave.
  • In a BYOD-friendly work environment, employees and employers can communicate with each other seamlessly. Employers can also integrate new hires quickly without having to train them on new and possibly unfamiliar devices.
  • In an increasingly mobile society, employees appreciate the opportunity to work on-the-go. A bit of workplace flexibility often goes a long way to improve employee satisfaction and overall morale.

What are any disadvantages associated with BYOD?

  • An organization that allows employees to bring their own devices has less control over the actual devices used. The network will need to be able to handle a variety of devices without becoming overloaded.
  • Supporting mobile devices will undoubtedly need to be a high priority.
  • There is a potential security disaster waiting to happen if devices are lost or stolen and not protected by a strong passcode. People could access enterprise data through an employee’s smartphone and act maliciously. Malware can even be passed from a personal device to the company server.
  • Personal devices may become a distraction. This blurring of the lines between personal and professional lives can be hard to manage for more traditional organizations.

Many of the risks associated with BYOD can be minimized with careful planning and strict company policies.  Below are a few tips to help you create a strong BYOD policy:

Establish clear security guidelines:  Even though employees might be using their personal phones and other devices, they must learn to treat these devices differently once they are being used for business purposes. Despite all the warnings, even today many people resist using passcodes and screen locks because it reduces convenient access to their devices and content.  It must be made clear in your BYOD policy that all devices must utilize security barriers. To avoid any confusion, make it explicitly clear which security measures you will require for which devices.

Develop a strong password policy:  This does not mean that all of your employees will use the same password to secure their devices. It simply means that all of your employees must understand how to create a strong password.  We recommend that you require regularly scheduled password changes.  In addition to requiring regular changes, it is wise to implement other rules regarding passwords. These can include stipulations such as all passwords must be of at least a certain length, contain at least one letter, one number, one uppercase letter, a symbol or any other specific requirements. Your employees may not be happy about these requirements, but they will soon grow into the routine and will make your company’s system more secure.

Specify which devices may be used:  In today’s technologically advanced world, “personal device” can refer to many different items: tablets, phones, personal computers, iPhones, Androids, even the iWatch, etc. If you do not specify which types of devices are acceptable for your BYOD policy, you may find yourself facing challenges regarding security and day-to-day operations.  If you are going to be using a mixture of company devices and personal devices, or if employees need to download software, it will be important for everyone to have compatible devices. When developing your company policy, include a list of acceptable devices.

Create a policy regarding acceptable applications:  Once your employees have confidential data on their devices, they must approach applications differently. Not all applications have stringent security measures in place, and some will pull information from the device’s memory or from other applications.  It is important to have a policy in place regarding apps that are acceptable and apps that are banned. It may be necessary to require that employees request permission before downloading any new applications onto their personal devices if they are using them at work.

Develop a strategy to deal with employees leaving the company:  BYOD policies become problematic when an employee leaves your company. Your policy must indicate that an employee agrees to have all business and company information as well as applications removed from the device before separation. Make sure you Incorporate safe device wiping procedures with other employee exit tasks such as an exit interview. Your BYOD agreement may stipulate that this data wipe must take place within a specific number of days of the resignation.

BYOD plans and policies should be as unique as the organization implementing them. Following these tips will allow you to reap the advantages of BYOD while combatting any associated risks.

About Prudential Associates

Prudential Associates was founded by former Army Intelligence Officer Robert Miller in 1972, who began serving the local legal community as an investigative, surveillance, and intelligence resource.

Prudential Associates has expanded its service footprint geographically and added over 70 extremely valuable staff members and experts; our consulting and service operations have taken place in thousands of locations on nearly every continent. To date we have achieved recognition as the premier resource for clients in sectors such as: television and movie production; maritime services and shipping; large event/concert planning & security; pharmaceutical production; shipping and logistics; human capital management; and, perhaps most notably, in the legal service industry, given our highly distinguished investigative, surveillance, and digital forensics expertise.

Our in-house computer and cell phone forensics lab rivals or exceeds the capabilities of over 90% of the law enforcement labs in the United States, as well as over 99% of those overseas.

For a greater insight into our experience, expertise, and operational history, please see our Corporate Resume.

Contact us today to discuss a BYOD policy and your digital forensic needs. Get in touch with one of our experts now by visiting www.prudentialassociates.com.