Build your own BYOD policy

As devices become more personal parts of people’s daily lives, it’s only natural for them to want to choose their own smartphone or computer. It works out pretty well for employers too, who save a ton of money on buying equipment.

But it’s not all rainbows and sunshine for companies who allow their employees to bring their own devices to work. There are some pretty serious potential risks in the form of security breaches, administrative issues, liability and more.

By writing a BYOD (Bring Your Own Device) policy, you can give your employees and your company the best of both worlds.

Your employees get to keep the device they’re happy with, and your company can address the concerns that come with employees bringing their own devices. A good BYOD policy addresses: security, acceptable use, devices, support, reimbursement and liability.

Let’s take a look at each aspect in more detail, so you’ll be ready to build your own BYOD policy.

Security Icon

Security

For SMBs, security is always an issue. Security measures must be put in place to protect your company from new and ever-growing threats like ransomware.

The security portion is the meat of your BYOD policy in a lot of ways.

A good BYOD will outline strong steps to protect your company, plus set up safety measures like lockouts after a certain number of failed logins for a device. What are the cases for employees to be allowed to connect to the network or disallowed from connecting to the network?

All devices should also be password-protected and have strong passwords that are not reused across accounts. It’s important to define what a strong password entails, including how letters, numbers and symbols must be included.

Acceptable use icon

Acceptable use

While security is often the first concern that comes to mind, there are a lot of ways employees can violate their company’s code of conduct using a smartphone.

Some may be against corporate policy, such as using certain apps. Some can even lead opening the company up to liability, such as an employee texting about a work issue while driving.

What about cloud storage? A good acceptable use policy outlines what employees are blocked from doing with their devices during the workday, what apps are disallowed, what company assets an employee is allowed to access with their device, the use of a device for harassment, even playing video games should be covered.

Device exclusions icons

Device exclusions

Are you open to your employees using Android and iPhones? What about BlackBerry? Are you okay with all models or are there certain models you wish to exclude from your network?

Additionally, you may want to exclude “jailbroken” devices.

Set down which electronic devices your IT department does or doesn’t allow, which may even entail allowed/disallowed operating systems or versions that present risks.

Support requirements icon

Support requirements

If something goes wrong with a device, is it up to your IT department to be responsible for fixing an iPhone 4 from 2010?

One of the advantages of companies purchasing equipment for their employees is that they can control the kind of equipment, and they know how to work on it. With BYOD, you’ll have a much wider range of devices and possible incompatibilities to deal with.

Give clear recommendations for maintaining devices and updating software

Outlining reimbursement icon

Outlining reimbursement

It’s essential to make any reimbursements that will take place for the device clear.

If an employee brings their own device, do you agree to pay any of the monthly charges for, say, their smartphone? What about roaming and additional fees that may go outside the regular monthly plan?

Be sure to clearly outline what the company will/will not reimburse employees for and whether those costs will be fully or partially reimbursed.

Liability considerations icon

Liability considerations

Finally, it’s important to give clear directions and lay out what will happen if the stated guidelines aren’t followed.

What’s the worst that could happen if your BYOD policy is violated? What if an employee loses their phone? How long do they have to report it? Does your IT department have the right to wipe the phone remotely without getting their permission first? Who’s responsibility if that leads to lost data, and there’s no backup?

Lay out all the risks of having personal devices and the basic precautions your employees are required to take.

Now, go build your own BYOD policy

According to CIO, “BYOD is largely unavoidable at this point.”

As the BYOD movement continues to gain steam, there’s really no going back. More to the point, there’s no good way to entirely prevent people from using their preferred devices. The only direction to move is forward.

It’s important for businesses to address the situation with clear policies. A well designed BYOD is a good balancing act. It makes for happier employees who can use the device of their choosing, and it gives companies the opportunity to reap the rewards of a BYOD policy while minimizing the dangers.