What to include in your business’s BYOD policy.
We’ve talked about the pros and cons of adopting a BYOD policy for your business. But what kinds of requirements should such a policy include? Any good BYOD policy should include certain elements to establish best practices that will protect the interests of both your company and your employees. Here’s what you should include.
Do you want to allow your employees to conduct company business from their laptops, but not their tablets? How about their cell phones? You may also need to specify which operating systems you will allow. For instance, you may be willing to support Android phones but not iPhones, PCs but not Macs—or vice versa. Since our IT department will need to work with your employees to for device support, it’s important to establish which devices this will cover.
Most of us tend to be more lenient with our personal security. However, when we’re using our personal devices for company business, employers shouldn’t be expected to accept security risks resulting from lax employee behavior. Establish in writing what kinds of password protection employees must have enabled, or what Internet connections they can use for company business. Also make sure you have a way to ensure employee devices stay up to date with their security patches and software updates.
You might think it should go without saying that employees can’t be using your business network for illicit activity—but say it anyway. Does your business have certain apps or programs that they won’t allow during work hours? What about content downloaded from the Internet? If you have concerns about your employees inadvertently downloading risky programs, you may want to put a requirement that only apps from the Apple store or Google Play can be permitted.
If employees are drawing on their own data plans for company business, or if added usage causes their device to wear down prematurely, your business will need to have a reimbursement plan in place. Determine in advance the extent to which your company will subsidize data plans, roaming charges, or new/replacement devices.
What happens when an employee leaves the company? With a company-issued devices, it’s a simple enough matter to require employees to return the company device. But when the device belongs to the employee, this isn’t possible. Similarly, performing a wipe of all data can impact the employee’s personal files.
In spite of these complications, employers have a right to ensure that sensitive company and customer data stays within the company. If the device in question has been used to handle such information, employers should make their data wipe policy clear from the beginning so that employees have the ability to backup their personal files beforehand.
This policy should also define which apps and programs belong to the company so that the company doesn’t continue to pay for software licenses on devices owned by ex-employees.
Following BYOD Policy Best Practices Can Benefit Employee and Employer Alike
If these best practice requirements make enacting a BYOD policy seem like more trouble than it’s worth, then you may want to re-think your decision before moving forward. However, many businesses have had positive experiences with successful BYOD policies, and they’ve become increasingly popular among employees as well. So instead of writing them off, focus on creating a thorough policy that will keep both parties satisfied.