Creating a BYOD Plan
Many companies are now allowing employees to “BYOD” or Bring Your Own Device to work. It’s great for the company, as they don’t have to worry about obtaining new equipment for the employee. It’s great for the employee who can get exactly what they want to use to do their job. It also minimizes the number of devices an employee will have to carry because likely the work device will lose in most situations. It can be harmful in many ways too. Having a plan in place that employees and employers agree to at the beginning can help mitigate those issues.
Your BYOD plan will need to address the following areas:
Obviously, security is the number one concern for the business. An employee on a device that they have paid for, may not be as concerned with how the device is used. They will let their children use it, they will use the device to browse for personal items and more. That will open the device up to viruses, malware, and other types of security breaches. Each employee should be given virus protection software for the device. Whether it’s a mobile phone or a full laptop, it should have a standard virus protection suite. Scans should be performed on a regular schedule and virus definitions constantly updated.
The device should also have a password required to access the system. In the event that the device is lost or stolen, it should be difficult for the person who has the device to access sensitive company information stored inside. The password should also be changed on a regular basis or should require two-factor authentication.
Another key factor in an employee bringing their own device is support. Many companies pay for a Managed IT Support provider like us to help make sure all of the systems on the company network are functioning properly, and the employees have the necessary technology to do their job. Often the Managed Service Provider will place management software on the employee’s devices to help manage system updates, virus updates and scans and the ability to remote control the machine when support is needed. Having an agreement that software such as this will be necessary on the employee’s device will set the expectation ahead of time, so there are no surprises when it comes time to install the agent.
This also usually means the company will need to be granted the ability to remotely wipe the machine of any data at any given time. In the event of theft of loss of the device, remotely wiping the information on the device will become crucial so company data will not fall into the wrong hands.
While most applications would be fine for a personal device, there are some applications you would definitely not want on a company device. Mainly applications that can leave the device open to security threats. Many torrents or streaming applications can be filled with spyware and malware. Determining a list of applications or application types that you absolutely will not allow on a machine that has access to company data is a great way to help employees understand the risks associated with those.
Another issue that can arise is bootlegged software. When an employee installs software that they don’t have a proper license to use, the company could be held liable for that violation. Make sure employees know that installing software without a proper license is against the rules, and could lead to termination.
For mobile devices, using the setting that will not allow the installation of 3rd party apps is another important item to add to the list. This means any apps that can not be installed from the official store for the device should not be added.
Anything that could potentially put company data at risk should be reported to a supervisor immediately for appropriate action. This includes acquiring a virus or loss or theft of the device. When reported, the managed IT support provider can then take action to prevent the loss of company data.
Lastly, the agreement should remove any responsibility for replacing the device from the company. If the device is lost, damaged or stolen it will be up to the employee to replace the device in a timely manner to reduce the effect of the incident on the productivity of the employee. It will not be acceptable for an employee to not be able to do their job for a week while they wait on getting a replacement device. Your company may have a few spare devices on hand for employees to borrow while they work on getting a new device, but that will be something you will want to work out ahead of time.
Making sure these bases are covered will help allieviate any issues that could arise from employees using their own devices to get their job done, and should be a benefit for both employee and company.
Eric is the owner and CEO of Protek Support and is a CISSP (Certified Information Systems Security Professional). He graduated from Utah State University with a Bachelors of Science degree in Business with an emphasis in Information Technology (IT). He is an IT Services expert in a variety of technology related fields. Some of these fields include document management software/hardware, enterprise level networking and VoIP phone systems, as well as large scale software implementation projects and the setup of small business networks.