These tips will help you establish a comprehensive policy that protects you and your SMB.
Thinking of implementing a BYOD (Bring Your Own Device) policy? Discover everything you need to know.
Allowing employees to use their own device in the workplace could be hugely beneficial to a small business. It can save money, encourage a mobile workforce, boost overall productivity and create a more relaxed environment for your team. On the flip side, it brings up a lot of issues for you as the business owner – not to mention your employees, too.
If you are considering BYOD for your small business, then you need a clear BYOD policy. This article will help you establish necessary guidelines so you can protect your interests as a small business owner while maintaining a competitive edge as an employer.
The first thing to do is to answer the following questions. Your responses will shape your BYOD policy.
Should I compensate employees for using their personal devices?
For companies with a clear BYOD policy in place, the answer to this question is typically no. Employees are not usually reimbursed for using devices they already own. The benefit for employees lies in their ability to use the type of technology they want to use. Remember, too, that you are not renting the equipment from your staff; you are simply permitting them to use their preferred device.
On the other hand, if you are implementing BYOD instead of providing computers to employees, then, sure, you might offer some money to reimburse them.
Can I require that employees' devices adhere to certain cybersecurity policies?
Yes and no. For your policy to be effective, you should have a certain level of control over personal devices that are used on the job. While you can't mandate everything, you can set certain expectations. Make it clear that employees can use their own smartphone, computer, etc., on the condition that your expectations are met. Rules you might consider include the following:
- All company-related assets must be password-protected. If you or your employees need help devising strong passwords that are also easy to remember, see this list of helpful tips.
- Devices must be equipped with, and registered for, a "Find my Device" service. Not only can this service track down a missing device, but some can also wipe a device remotely.
- All operating systems, applications, and software must be updated regularly. Software that is out of date is more vulnerable to security breaches. If your OS is prompting you to update, it probably has less to do with a new design or feature and more to do with closing a security gap.
- Data must be backed up regularly. Everyone – even non-BYOD employees – should periodically back up the data on their devices. The importance of this is especially obvious if the device gets stolen, lost or stops working.
- Devices must have antivirus protection installed. This may be something that you can provide. There are many affordable off-the-shelf antivirus and security applications that protect devices from common threats.
Where should employees store company data?
If you are considering BYOD, chances are you already use a cloud-based storage solution for your company data. If not, now might be the perfect time to start.
Cloud-based solutions enable authorized users to access and share data anytime and from any location. It's really no surprise, then, that cloud-based solutions and BYOD go hand in hand. Still, not all cloud storage offers the same amount of security.
To keep your company data protected on employee-owned devices, consider a mobile device management (MDM) solution. MDMs offer a range of security features, but the purpose of an MDM is to monitor, manage and secure the devices being used in your small business. Some can isolate an employee's personal apps from the business apps on their computer. If a device is lost or stolen, an MDM can wipe the data remotely.
What happens when an employee leaves the company?
The fact is, some data – like email contacts, company practices, or upcoming marketing initiatives – will inevitably leave with your employee. Knowing this, one of the most proactive things you can do is to select your business applications carefully. Make sure that your employees don't have to download data to their personal device. You might also consider having employees sign a nondisclosure or confidentiality agreement as part of your BYOD policy procedure.
If you expect to wipe their personal computer when they leave, make that abundantly clear as well.
Now it's time to write your BYOD policy.
Guidelines for drafting your BYOD policy
Define your objective. Make it clear why you have a BYOD policy in the first place.
Decide which devices are allowed. Smartphones, computers, tablets, oh my. Be specific about what type – and possibly even what brand – you will accept.
Manage their expectations. Be straightforward about what you will cover and what employees are liable for.
Clearly state your security requirements. Explain to employees that they may only use their personal devices on the condition that all of the expectations have been met.
Define your exit strategy. Describe what your protocol will be when an employee leaves the company.