Preparing your business for BYOD

While  bring your own device (BYOD) can have positive implications for workplace flexibility, efficiency and productivity, it also raises concerns around security and protection of business-critical data and cyber security risks for business.

So, how can businesses tackle these challenges? The key is a robust BYOD policy.

The benefits of BYOD

Before we get into the specifics of implementing a BYOD policy in the workplace, let’s look at some of the potential advantages of allowing employees to work from their own devices:

• increased productivity as a result of employees being able to work from anywhere, at any time using portable devices such as smartphones and tablets
• increased efficiency by allowing employees to access key data and work on the go
• reduced hardware costs for the business
• better work-life balance for employees, who can manage their work and personal duties more seamlessly
• reduced overheads, such as real estate costs, because employees can work remotely
• improved customer service, especially for employees who are often on the road or out of the office
• improved business continuity if employees are unable to work in the office due to an interruption, such as a power outage
• flexibility for employees to use devices they are familiar with and have tailored to their preferences

Best practices for implementing a BYOD policy

There are plenty of good arguments for adopting a BYOD policy in the workplace, but there are also undeniable risks in permitting employees access to sensitive data from personal devices.

It could, for example, increase the likelihood of security breaches and data leaks. That's because individual employees are unlikely to have the same level of IT security measures on their devices that a business with dedicated IT personnel would have.

Giving employees the freedom to access business data from their personal devices can also raise the risk of someone taking critical data with them when they leave the business.

So, for a BYOD policy to be successful, a business must conduct a thorough risk assessment analysis. This helps identify key areas of concern and to implement best practices to control the use of personal devices.

Here are our five tips:

1. Outline which devices are pemitted

Some older smartphones, laptops or tablets may not support the basic level of security you require to keep your business data safe. With that in mind, it's important to specify which devices are allowed under your BYOD policy, including minimum operating system requirements with security patches up-to-date.

Software should also be completely up-to-date for e.g. Chrome, Firefox, Adobe Reader and enabling anti-virus and firewall protection on all devices is also important.

2. Conduct user security training

Every employee should understand and follow cyber security best practices, including:

• using a complex, unique password on all devices
• enabling two-step verification for key accounts
• avoiding pop-ups, unknown emails and unverified attachments or links
• following company procedure for data storing and sharing.

3. Specify data ownership rules

Although it may seem obvious that your business owns the information stored on the servers of your employee's access, problems can arise if personal devices need to be wiped in the event of a data breach.

Your BYOD policy should clarify that you have the right to access and wipe data on personal devices in the event of a cyber security incident.

4. Define a service policy for employees' devices

Make sure employees understand the rules and boundaries around support for personal devices.

Consider:

• What level of support will you provide to connect employees' devices to your network?
• What kind of support will you provide for updating or repairing devices?
• What will happen if a problem with a personal device is preventing an employee from accessing critical apps or data?
• When are employees responsible for managing their own devices?

Answering these questions up front in your BYOD policy can help avoid confusion when it comes to onboarding and handling device issues.

5. Implement an employee exit strategy

Consider what will happen when employees using their own devices leave the business. How will you enforce the removal of access tokens, email, data and other proprietary information?

Depending on your business requirements, this could be a case of disabling access as part of your employee exit checklist, or you might choose to do a full wipe of the device. If you decide to make wiping devices mandatory, you should also have a clear strategy in place for backing up and restoring employees' personal data.

With a strong policy in place, you can take advantage of all the benefits of BYOD while minimising the potential pitfalls including data breaches and cyber security risks for business.