4 Tips for Great BYOD Policy
With a greater number of mobile devices in people’s hands comes a greater number of companies that are willing to leverage a desire for personal devices of one’s choice and a willingness to work outside of the workplace: these are accomplished with a bring your own device (BYOD) policy. For this reason, it is critical to establish a company-wide policy that protects the integrity of the privacy of the user as well as the security of the data stored on employee devices.
Of further consideration is a company’s policy toward what stands as acceptable usage, and what operating system ecosystems are supported by IT support. With just a few of these issues in mind, here are four pieces of advice that are critical when coming up with a BYOD policy.
- An Employee Exit Strategy
When an employee inevitably leaves a company, they will be taking the devices they own with them which may contain sensitive company data. Things like the removal of access tokens, corporate email access, and proprietary data and applications will need to be taken into consideration. There needs to be some sort of clear protocol in place for handling this and it needs to be clear that the company reserves the right to wipe the drive on the device if there is not another arrangement in place.
- Who owns apps, data?
In the event of a theft or loss of a device, there must be a clear mandate available to the company to be able to wipe data from the disk of the said device. This is the case because, while there is typically personal data on it, there may also be sensitive company data that needs to be protected. It helps if there is a backup system in place to protect the user’s personal data while doing this.
- Clear Service and Security Policies
This one is big: your company will have to decide on what devices will be permitted, which ones will be supported by the IT side of the company, and what security policies will have to be in place to protect sensitive company data. The latter will usually involve a mix of data encryption and regular backup data protocol, along with measures for a complex alphanumerical unlock passcode to protect access to the device itself. It is also critical for the user to understand what devices and OS ecosystems will be available for troubleshooting, and to what degree support will be offered for things like broken devices, support for the individual, possibly proprietary company applications, and support for network-related issues. It does help to institute a company-wide mandate for a single manufacturer’s end-to-end mobility management suite from Dell.
- Apps and Content Allowance
Deciding on app and other content usage is standard procedure for any work environment but becomes a trickier task when you consider that these devices essentially work devices that are also personally bought and owned. Thus, the necessity for clear delineation of what is acceptable usage and what is not is essential. Things like social media browsing, VPNs, and usage of personal email accounts are often prohibited. Any app presents a security risk to sensitive information being leaked, so this is primarily a question of security concern.