BYOD, or "bring your own device," policies are increasingly typical at businesses today. According to BetaNews, the BYOD market is on track to reach nearly $367 billion by 2022, growing tenfold from $30 billion in 2014. BYOD delivers many advantages, reducing IT expenses while allowing employees to use the technologies that work best for them. It's a particularly powerful tool for connecting virtual teams and offices.
But you need BYOD best practices in place to make sure that it works best for all involved. Here are 10 considerations for creating a policy that protects the company while still boosting business productivity and supporting a better work-life balance for employees.
When approaching the question of how to create a BYOD policy, it's always best to strike a meaningful balance between employee productivity and business security.
10 BYOD Best Practices
Lay the Ground Rules: First and foremost, you'll need to set clear eligibility criteria for the program. This includes how much — if at all — the company will pay toward each device, which types of devices will be allowed, who is eligible to participate in the program, and what sort of availability they're expected to provide the company. Be sure to consider smart devices, such as smart watches, that employees may also want to use. All employees participating in BYOD should sign an agreement indicating they understand the policy and will comply with it.
Go to the Top: Make sure all executives are covered by your BYOD policy. They're likely to be enthusiastic mobile-device users, and chances are good that they're viewing and exchanging privileged business information that needs to be secured. In order to properly manage the risk that their mobile-device or smart device use presents, it's wise to take special care to include executives when rolling out BYOD at your workplace.
Great Internal Marketing: Providing clear, consistent communications to all employees about what to expect is essential for success with BYOD, both during the transition and afterward, when new employees join the company and need orientation. By proactively managing change during the crucial moment of transition to BYOD, your company will be better able to ensure enthusiasm among employees and, in turn, enhanced long-term productivity.
Start on the Same Page: If you're launching BYOD for the first time, make a point of reaching out to wireless providers well before launch so you can secure better company rates. After your organization has been up and running with BYOD for a short while and has worked out any kinks that may have arisen during implementation, you can work with providers to refresh company discount rates and let them know that employees are going to be shopping around for the best prices on devices.
Take Precautions: Proper security is a must under BYOD, as employees' mobile devices will be connecting directly to the company's systems. With that in mind, ensure that any participating devices are secured with strong, regularly updated passwords and best practice authentication methods such as two-factor authentication. If your company has an existing password policy, make sure employees' devices are in compliance — and if your company doesn't yet have a password policy in place, now would be an ideal time to create one.
Stay Current: Likewise, you'll need to ensure that any participating devices are consistently patched with the latest software updates and are as carefully managed as any business-owned smartphone, tablet, or computer would be. Employee devices that are left running outdated or insecure versions of their operating systems or applications pose a security risk to the company.
Know Your Networks: Devices shouldn't be allowed to connect to insecure, open wireless networks. If you have an existing information security policy that specifies this restriction in writing with regard to company-owned devices, make sure participating devices adhere to it as well.
Back It Up: One of the most important BYOD restrictions involves remotely wiping devices in the event of loss, theft, or unauthorized access. Employees should be advised that they're responsible for backing up their devices on a regular basis so that they don't lose any important data in the event that this occurs. The cloud-based email and calendaring services that come with a cloud phone system can be helpful in just these sorts of scenarios, since they automatically back up employees' calendar and contact data.
Endpoint Management: When developing a BYOD policy, make sure that your IT team has the right tools in place to make it work. This includes enterprise mobility management (EMM) or mobile device management (MDM) systems, which put the security-related aspects of your policy — for example, remote wiping — into practice. You may also want to ensure that, with regard to wireless network security, you take advantage of virtual private network (VPN) solutions that allow your laptops and mobile devices to connect securely to company resources from remote locations.
Set Boundaries: BYOD, it should be noted, is not the same as Bring Your Own Cloud (BYOC). Although you're granting employees the ability to use mobile devices at the workplace, that doesn't mean you've automatically permitted them to deploy and use their own cloud software for work purposes without proper vetting and a green light from IT. Because this form of shadow IT can result in unintended consequences such as data breaches or worse, it must be addressed in your BYOD policy so that expectations are clear from the beginning.
When approaching the question of how to create a BYOD policy, it's always best to strike a meaningful balance between employee productivity and business security. By following these BYOD policy tips, you help ensure a smoother and safer rollout so that both the company and its employees are able to enjoy the many benefits enhanced mobility offers.