Pros and Cons of a BYOD Work Environment Once upon a time, employers had absolute control over technology. They provided employees with the equipment needed to do their jobs, including cell phones and personal computers. They also replaced and supported all of this electronic equipment. Employees could only access their organizations networks when they were on site using desktop computers. If they left their companies, employees were generally required to return all company-owned equipment. More Surprising BYOD Stats Many of the bring-your-own-device policy tips listed in this article may seem like common sense, but the 2013 Acronis survey revealed some startling facts: Only 21 percent of respondents perform remote device wipes when employees leave the company. Only 31 percent of companies mandate a device password or key lock on personal devices. Nearly 80 percent of organizations havent trained employees on BYOD privacy risks. Employers who operate without a BYOD policy and safeguards in place expose themselves to potential security breaches and liability claims. Every business has a choice when it comes to implementing BYOD programs in the workplace. After weighing the pros and cons, express your decision regarding BYOD loud and clear with a formal written policy -- and follow up with annual training. A Brave New Mobile World Today, we live in an on-demand, mobile world -- and its changed the way we do business. In many cases, employers have less control over technology equipment and the confidential data it stores. Theres another aspect to this loss of control: Our personal and business lives are less separate. As of January 2014, 55 percent of Americans owned a smart phone and 42 percent own a tablet computer, according to the Pew Research Internet Project. The percentages are even higher among people with higher levels of income and education. Many employers are tapping into this technology to enable employees to work remotely 24/7. This brings greater access, flexibility, convenience, functionality and productivity. The key to reaping maximum benefits is allowing employees to choose their preferred devices with a well thought-out bring-your-own-device (BYOD) initiative. The top manufacturers -- including Apple, Amazon, Android and Blackberry -- each have a loyal following. So loyal that more than 40 percent of users sleep with their smart phones next to their beds! Studies show that if employees can select their preferred devices, it improves job satisfaction and can even be used as a selling point when recruiting new employees. In addition, because many employees already own these devices and tend to update them often, employers may be able to eliminate the cost of purchasing and updating cell phones and other mobile devices. Some employees might even be willing to use their own personal computers and printers -- in exchange for the ability to work remotely -- which can provide even greater cost savings. When calculating cost savings from a BYOD initiative, offset them with the added costs of supporting multiple operating systems and devices. Ask your IT department to provide a list of devices that it can easily support and that have acceptable levels of security. The more devices IT supports, the more time-consuming and costly your BYOD program will become. Whos On Board? Despite the upsides of BYOD work environments, approximately 30 percent of employers explicitly forbid employees from accessing the network using personal devices, according to a 2013 survey by software provider Acronis and the Ponemon Institute (an IT research firm). That leaves 70 percent of employers accepting some form of bring-your-own-device program, either explicitly with a formal policy or by default. A 2012 Microsoft survey found that 67 percent of workers use their personal devices at work whether the company has a policy or not. So it looks like BYOD is here to stay -- for better and for worse. Whats Your Companys BYOD Policy? If youre unsure what your companys BYOD policy is, youre not alone. The 2013 Acronis study found that 60 percent of employers have no formal policy in place. By failing to address this issue head-on, employers may be exposing themselves to a Pandoras Box of security and liability risks. For example, what happens if an employee: Leaves the company voluntarily or involuntarily? Loses or recycles his or her personal device? Shares the device with friends or relatives? Uses unprotected public wireless networks for work-related activities? Syncs his or her mobile device with an undisclosed personal computer or local cloud network? Travels overseas where the device is subject to loss, theft or search and seizure at border control? Gets into an accident while driving and accessing the mobile device for work purposes? Downloads an app or scans a QR code that contains malware? Suffers a repetitive-stress injury (such as smart phone thumbs) from using a personally-owned device for work purposes? A comprehensive BYOD policy takes relevant scenarios into account and attempts to mitigate the companys exposure to risks. Risk level varies depending on the nature of your business. For example, healthcare companies need to impose a fairly restrictive BYOD policy to limit the risks of violating the Health Insurance Portability and Accountability Act and hackers accessing protected personal data. Financial service companies and banks also handle confidential information that necessitate a more restrictive policy. Key Elements of a Comprehensive BYOD Policy A formal written policy outlines general rules about device use, including the rights of both employer and employees. The key is to balance protecting company interests with respecting workers privacy rights and allowing for continued personal use of the device. Heres some food for thought when drawing up a written bring-your-own-device policy: Payment. One big issue with BYOD is: Who pays the bill? Company policies vary widely. For example, an employer might pay for a predetermined number of voice minutes and an unlimited data plan for employees. Any charges above that amount are the employees responsibility. Many employers prefer to issue corporate-owned mobile devices but loosen the restrictions so employees can use them for personal tasks as well. This minimizes many of the privacy expectations, security concerns and liabilities issues associated with BYOD programs. But corporate ownership eliminates much of the cost savings, too. Phone numbers. Who owns an employees cell phone number? This is a big deal for salespeople and service representatives, especially when they leave to work for a competitor. Customers may continue to call a reps cell phone, leading to lost sales for the enterprise. Passwords. Mobile devices should lock if idle for five minutes and require a password or personal identification number to unlock. After five failed password attempts, the device should require assistance from the companys IT department to regain access. Strong passwords are essential. Avoid using common passwords (such as password) or personal identification numbers (such as 1234, 0000 or 2580, which is the middle column of digits on a smart device keypad). A typical strong password is at least six characters, including at least one uppercase letter, lowercase letter(s) and number(s). Require employees to change passwords and PINs every 90 days -- or anytime IT detects a possible security breach. Parameters. Ask IT to list which models, operating systems, and apps its willing to support. Also decide which apps and websites to block employees from accessing during work hours. Require employees to periodically submit their personal devices to IT personnel for configuration, updates and security checks. Strictly prohibit texting, e-mailing or web-surfing while driving. Expect workers to report lost devices within 24 hours, so IT can take the necessary protective measures. And always reserve the right to revoke the BYOD privilege if users dont abide by the rules. Syncing. Allow employees to sync only those files essential to their jobs. Assign network user rights to each individual based on an employees ranking or classification. Then, designate which files each type of worker can access and restrict syncing only those files. Better yet, employers can use a cloud computing platform to store all files and apps. Cloud systems often preserve data security, because users can access networks remotely without storing anything locally on their personal devices. Encryption. Encrypt all shared business files to prevent hackers and thieves from accessing sensitive information. In addition, employees should be instructed to never store encryption codes on their mobile device or laptops. Remote access. Enable all mobile devices with remote locate-and-wipe software in case of theft or employee termination. Remind employees that personal files (such as photos, contacts or calendars) may also be inadvertently erased if the company needs to remotely wipe a devices memory. Employees are responsible for backing up their personal data on a regular basis. Privacy issues. Employees should understand that participation in a BYOD program may give the company access to personal information, such as text messages or photos. However, the company should promise never to view protected information, such as privileged communications with attorneys, protected health information or complaints against the employer that are permitted under the National Labor Relations Act. Remind employees that personal information could become compromised if the mobile devices are infected with viruses or malware in the course of performing their job functions. Employers shouldnt be liable for security breaches that result in loss of personal data. Data retention. If your company becomes embroiled in litigation, all types of paper and electronic documentation may be requested during the discovery phase. Your companys data retention policies should be updated to include how data is stored on mobile devices, managed and gathered during litigation. Keep in mind that Rule 34 of the Federal Rules of Civil Procedure is generally written to cover all devices, including personal devices that access the companys network. Also consider requiring employees to route all e-mails through the companys server so you can archive messages -- rather than allowing employees to configure devices to use personal e-mail services. It potentially limits information leakage and makes it harder for employees to steal data through their personal e-mail accounts. It can also limit the probability of a virus being transmitted to the companys networks. No Cookie-Cutter BYOD Policies All types of employers -- including retailers, hotels, contractors, warehouses and factories -- have embraced BYOD programs, despite the risks. At some point, however, mobile-enabled employees will cease to provide a competitive advantage and become a prerequisite to staying in business in some industries. Contact your attorney and a forensic accountant to ensure that your BYOD policy covers all the bases, addresses all relevant security and liability risks, and is legally enforceable. BYOD policies are as unique as the companies that implement them -- no two are exactly the same. Some companies have lengthy users agreements. Others rely on short one-page statements. Some ultimately decide that BYOD is not worth the risks and, instead, adopt a policy that strictly prohibits using personal devices to access business data. Whatever your decision, its imperative that the policy is written. Every employee that uses personal devices to access business data needs to sign a users agreement, acknowledging that theyve read and understand the policy. Both sides also must consistently adhere to its terms. Violations need to be monitored, corrected and punished. After all, a BYOD policy is only as strong as is enforcement efforts. accupay.net
Posted on: Mon, 03 Mar 2014 21:02:52 +0000
Trending Topics
Recently Viewed Topics
© 2015