While BYOD may be a hotly debated topic in the tech space, it is generally a shared belief that if you’re going to empower employees to use the mobile device of their choosing you need a policy. It’s important to give employees choice in the workplace but there also need to be firm guidelines and procedures to protect your organization and the information it’s responsible for.
Here are 7 things to consider when you’re creating a BYOD policy:
SPECIFY WHAT DEVICES ARE PERMITTED
While this may seem to take away from the spirit of BYOD, it is important to set parameters on what devices you are going to be supporting from an organizational level. Different operating systems may have different security features or vulnerabilities. Also, since you will presumably be providing in-house support for mobile devices you need a system that your team can work with.
DETERMINE WHO OWNS INFORMATION STORED ON THE DEVICE
If a device is lost or stolen it will have to be wiped – what happens to employee property on the phone, including photos, music, and apps? Ensure your policy clearly outlines the procedures around these events. While attempts may be made to recover lost data, employees should know that they are storing personal items on their phone at their own risk.
PROVIDE A LIST OF PERMITTED APPS
Are employees granted free reign when it comes to downloading apps on the device? Employees should be explicitly told what apps are permitted, as well as those that have been blacklisted. Do not forget to update this list frequently to stay current with changing technologies.
DECIDE ON PHONE NUMBER OWNERSHIP
Phone numbers can be valuable currency. As a salesperson or a customer service provider, your phone number is a strong link between the organization and its customers. But the same number can also be important in a person’s private life. It is the number provided to a dentist, lawyer, and grandmother. So, who owns the number when someone leaves the company? There should be a clear stance on this from the beginning.
AGREE ON A PAYMENT STRUCTURE
Whether your organization pays the entire bill, or gives a stipend for monthly use, be clear on who is footing the bill for the mobile device and its voice and data plan. Discussing this from the get-go will save a lot of headaches and misunderstandings in the future.
OUTLINE SECURITY REQUIREMENTS
Be clear on what you expect when it comes to device security. Give parameters on password protection, including password length, special characters, and capital letters. Define how long a device should be inactive before it locks. Include rules surrounding which devices are permitted access to your internal network.
While a BYOD policy can help protect your business, it is important that you do not treat it as a security blanket. Perform routine checks to determine how the policy is working, what needs to be changed and what should be scrapped altogether.
This list is not intended to be an exhaustive document on what to include in your policy. Rather, think of it as a good starting point for constructing a policy that works best for your organization.
TitanFile, 2013, 7 Things to Include in your BYOD Policy, April 3, 2013, <https://www.titanfile.com/blog/7-things-to-include-in-your-byod-policy/>