BYOD Policy – Do You Need One?
“Bring your own device”, or BYOD, has become a huge trend around the world in recent years. Most organizations allow employees to bring their own personal electronic devices, including cell phones and laptops, to work. According to a Microsoft study, 67 percent of people are using their personal devices at work, regardless of whether there is an official BYOD policy.
The benefits of BYOD are compelling. These include increased productivity, reduced IT costs, better mobility for employees and greater appeal when attracting and retaining employees.
However, there are risks in allowing employees to access your corporate data using their own devices, and those risks need to be carefully managed. Information security risks include the potential for data breaches, lost data and increased liability for organizations.
An important way to manage such risks is by taking a proactive approach and establishing strong BYOD policies. Such policies might address the following questions:
- Will employees sign an agreement if they wish to bring their own devices?
- Who will pay for the devices and the data coverage required?
- Where will data from BYOD devices be stored (locally or in the cloud)?
- Does the data on the device need to be encrypted?
- What happens if an employee violates BYOD policy? What are the consequences?
- What privacy will be granted to employees using their own devices?
- What support will the organization provide for BYOD users (for example, software updates, troubleshooting and maintenance)?
- What safeguards are in place if a device is compromised? It should be possible for the company to remotely wipe a lost or stolen device.
- What methods will be used to secure devices before they are retired, sold, or disposed of? How do we ensure there is no confidential corporate data on the device?
Safety and security of corporate data is critically important. Developing a BYOD policy is a key step in keeping your data safe and guarding against security threats.
Find out more about creating BYOD policies – call me and we can have a conversation. We can also talk about improving operating efficiency, reducing costs and strengthening your organization. Reach me at 613-727-1230 ext. 212 or firstname.lastname@example.org
Richard MacNeill, FCPA, FCMA, CMC, Dipl. T. is a partner at OTUS Group, a team of advisors to business, government and not-for-profit organizations.