Try to go back in time and imagine your life before your smartphone. You would never be able to look up the name of that one actor from that one movie or find the closest place that can make you a Baked Alaska at midnight.
It’s a pretty sad memory.
Now, if you’re like most Americans, your smartphone has worn a comfortable space in all your pockets and rarely leaves your side. Even when you’re at work.
The smartphone and mobile computing revolution have brought us many conveniences, including the ability to take work calls while we’re out of the office, dash off meeting notes that are actually legible and be more available and connected. But it has also brought a host of network security concerns for employers around the world.
You Already Have BYOD
The acronym BYOD stands for Bring Your Own Device and it’s a policy that many companies have turned to keep their employees happy and keep their device costs down. But with literally billions of smartphones around the globe, including in the hands of virtually every adult (and many non-adults) in America, the fact is that your company already has BYOD. If you look around your office, almost everyone will have their phone nearby, will pop out to take calls, text friends and family, and use your wireless network to download podcasts and stream videos. Your employees are already doing this, and it could be putting your company at risk, bringing to life your very real network security concerns, if you do not have a policy in place to protect your company assets. Now is the time to codify a BYOD policy that makes sense for your company and your staff.
Key Components of a BYOD Policy
Since every company is unique, the parameters of any BYOD policy are not going to be the same. However, there are a few things that any good policy should include and should put thought towards.
List Supported Devices
There is an unlimited number of wireless-enabled devices, with new ones being developed every day. Your IT department cannot feasibly support them all. It is important to lay out which types of devices are eligible for work purposes (e.g., Android but not iPhone).
Enforce Baseline Security Requirements
When employees bring their own devices, they can be reluctant to change the settings they prefer, but you need to be able to provide and enforce reasonable standards. For example, you may need to enforce a certain type of password or security on a device. Enforcement is also important, so regular security audits should be a part of your policy.
Clarity on Device Services
When a personal device is used for work, the line between work and personal responsibilities can become blurred. It is essential to be clear from the outset that using a personal device for work purposes does not mean that when the device malfunctions it is the job of your IT department to fix it — but the same might not be true if the malfunction is in a work application. Be clear from the beginning, with both the BYOD employees and technical support, what they can expect regarding support for their personal devices.
Training & Documentation
Users certainly know how to use their smartphones and other devices for personal communication and entertainment, but that does not negate the need for training to allay your network security concerns. Be sure that when your new BYOD policy is implemented, you take the time to provide training and documentation for the policy and any required applications.
Without a policy in place to which you can refer, it is impossible to enforce any BYOD breaches. Should network security concerns ever arise (and statistically, it probably will), you can be left with little recourse and confidential information inadvertently exposed. Putting a BYOD policy in place is a critical step to maintaining data security.