Written by Haydon Kirby, IT Account Director – 8th June 2016
Why should businesses consider a BYOD Policy?
Many businesses are now choosing to drastically reduce their investments in corporate devices and support a Bring Your Own Device (BYOD) arrangement instead. Despite the heightened security risks that BYOD poses to corporate network security, sensitive data and access to company files, the global trend continues to grow at a rapid pace.
BYOD is typically adopted by businesses to reduce device and usage costs, but also to improve employee productivity and general morale, as employees prefer to use devices they are familiar with. Microsoft’s Enterprise Mobility Suite is used by hundreds of our customers to manage this.
Did you know that 70% of employees now connect to their work emails on their smartphones outside of working hours?
Effective BYOD Management
Effective management is key not only to monitoring staff performance but also to maintaining a sufficient level of IT security and compliance. The key to a happy balance between employees’ wants and IT security management is a two-way agreement that addresses each party’s concerns.
Businesses that support BYOD should have a BYOD Acceptable User Policy (AUP) implemented to provide guidance to employees about acceptable use of their own devices for work purposes and guidance on how to process corporate and personal data.
Whilst devices are personally owned by employees, not the business, there are a few steps businesses can enforce to ensure each device complies with the AUP. This ensures that if a device is lost, stolen or hacked, or the employee leaves, there is a reasonable level of security protection in place.
The Information Commissioner’s Office (ICO) recommends that, within the BYOD policy, businesses specify that:
- Devices are auto locked with a strong password
- Devices use encryption to store data on the device securely
- Devices have antivirus software installed
- Businesses maintain a clear separation between the employee’s private and work data, for example, by only using apps which have been approved for business use and using separate apps for personal use
- Businesses provide additional technical support to the employees on their personal devices when they are used for business purposes
- Businesses make clear to employees that they can only process corporate personal data for corporate purposes
To address the data protection and security breach risks, the ICO guidance also strongly recommends businesses specify the following:
- Which type of corporate data can be processed on personal devices
- How to encrypt and secure access to the corporate data
- How the corporate data should be stored on the personal devices
- How and when the corporate data should be deleted from the personal devices
- How the data should be transferred from the personal device to the company servers
We also assist clients with the creation and enforcement of BYOD security policies and smartphone & tablet compliance on both a local and national level.
How can we help with BYOD management?
You can also read more about this topic in the useful BYOD guidance document from the ICO.