Mobile technology has blurred the lines between our personal and work lives. Does your company allow employees to connect to its network using personal electronic devices, such as smart phones, tablets and PCs? What situations does your written bring-your-own-device (BYOD) policy cover? There are no universal answers to these questions. Every business needs to balance the expected benefits against the potential risks.
Once upon a time, employers had absolute control over technology. They provided employees with the equipment needed to do their jobs, including cell phones and personal computers. They also replaced and supported all of this electronic equipment. Employees could only access their organizations’ networks when they were on site using desktop computers. If they left their companies, employees were generally required to return all company-owned equipment.
A Brave New Mobile World
Today, we live in an on-demand, mobile world — and it’s changed the way we do business. In many cases, employers have less control over technology equipment and the confidential data it stores. There’s another aspect to this loss of control: Our personal and business lives are less separate.
As of January 2014, 55 percent of Americans owned a smart phone and 42 percent own a tablet computer, according to the Pew Research Internet Project. The percentages are even higher among people with higher levels of income and education.
Many employers are tapping into this technology to enable employees to work remotely 24/7. This brings greater access, flexibility, convenience, functionality and productivity. The key to reaping maximum benefits is allowing employees to choose their preferred devices with a well thought-out bring-your-own-device (BYOD) initiative.
The top manufacturers — including Apple, Amazon, Android and Blackberry — each have a loyal following. So loyal that more than 40 percent of users sleep with their smart phones next to their beds! Studies show that if employees can select their preferred devices, it improves job satisfaction and can even be used as a selling point when recruiting new employees.
In addition, because many employees already own these devices and tend to update them often, employers may be able to eliminate the cost of purchasing and updating cell phones and other mobile devices. Some employees might even be willing to use their own personal computers and printers — in exchange for the ability to work remotely — which can provide even greater cost savings.
When calculating cost savings from a BYOD initiative, offset them with the added costs of supporting multiple operating systems and devices. Ask your IT department to provide a list of devices that it can easily support and that have acceptable levels of security. The more devices IT supports, the more time-consuming and costly your BYOD program will become.
Who’s On Board?
Despite the upsides of BYOD work environments, approximately 30 percent of employers explicitly forbid employees from accessing the network using personal devices, according to a 2013 survey by software provider Acronis and the Ponemon Institute (an IT research firm).
That leaves 70 percent of employers accepting some form of bring-your-own-device program, either explicitly with a formal policy or by default. A 2012 Microsoft survey found that 67 percent of workers use their personal devices at work whether the company has a policy or not. So it looks like BYOD is here to stay — for better and for worse.
What’s Your Company’s BYOD Policy?
If you’re unsure what your company’s BYOD policy is, you’re not alone. The 2013 Acronis study found that 60 percent of employers have no formal policy in place. By failing to address this issue head-on, employers may be exposing themselves to a Pandora’s Box of security and liability risks.
For example, what happens if an employee:
- Leaves the company voluntarily or involuntarily?
- Loses or recycles his or her personal device?
- Shares the device with friends or relatives?
- Uses unprotected public wireless networks for work-related activities?
- Syncs his or her mobile device with an undisclosed personal computer or local cloud network?
- Travels overseas where the device is subject to loss, theft or search and seizure at border control?
- Gets into an accident while driving and accessing the mobile device for work purposes?
- Downloads an app or scans a QR code that contains malware?
- Suffers a repetitive-stress injury (such as “smart phone thumbs”) from using a personally-owned device for work purposes?
A comprehensive BYOD policy takes relevant scenarios into account and attempts to mitigate the company’s exposure to risks.
More Surprising BYOD Stats
Many of the bring-your-own-device policy tips listed in this article may seem like common sense, but the 2013 Acronis survey revealed some startling facts:
- Only 21 percent of respondents perform remote device wipes when employees leave the company.
- Only 31 percent of companies mandate a device password or key lock on personal devices.
- Nearly 80 percent of organizations haven’t trained employees on BYOD privacy risks.
- Employers who operate without a BYOD policy and safeguards in place expose themselves to potential security breaches and liability claims.
Every business has a choice when it comes to implementing BYOD programs in the workplace. After weighing the pros and cons, express your decision regarding BYOD loud and clear with a formal written policy — and follow up with annual training.