Streamlining your business

Preparing your business for BYOD

The growing adoption of personal smart devices in recent years has seen an increase in private device use in the workplace. 

This trend is set to continue, with the bring your own device (BYOD) market expected to grow at a combined annual rate of 24% by 2021.

While enabling employees to use their own devices can have positive implications for workplace flexibility, efficiency and productivity, it also raises concerns around security and protection of business-critical data.

So, how can businesses tackle these challenges? The key is a robust BYOD policy.

The benefits of BYOD

Before we get into the specifics of implementing a BYOD policy in the workplace, let’s look at some of the potential advantages of allowing employees to work from their own devices:

  • increased productivity as a result of employees being able to work from anywhere, at any time using portable devices such as smartphones and tablets
  • increased efficiency by allowing employees to access key data and work on the go
  • reduced hardware costs for the business
  • better work-life balance for employees, who can manage their work and personal duties more seamlessly
  • reduced overheads, such as real estate costs, because as employees can work remotely
  • improved customer service, especially for employees who are often on the road or out of the office
  • improved business continuity if employees are unable to work in the office due to an interruption, such as a power outage
  • flexibility for employees to use devices they are familiar with and have tailored to their preferences

Best practices for implementing a BYOD policy

While there are plenty of good arguments for adopting a BYOD policy in the workplace, there are undeniable risks in permitting employees access to sensitive data from personal devices.

It could, for example, increase the likelihood of security breaches and data leaks. That's because individual employees are unlikely to have the same level of IT security measures on their devices as a business would.

Giving employees the freedom to access business data from their personal devices can also raise the risk of someone taking critical data with them when they leave the business.

So, for a BYOD policy to be successful, a business must conduct a thorough risk assessment analysis. This helps identify key areas of concern and to implement best practices to control the use of personal devices. Here are our five tips.

1. Outline which devices are permitted

Some older smartphones, laptops or tablets may not support the basic level of security you require to keep your business data safe. With that in mind, it's important to specify which devices are allowed under your BYOD policy, including minimum operating system requirements.

2. Conduct user security training

Every employee should understand and follow cybersecurity best practices, including:

  • using a complex, unique password on all devices
  • enabling two-step verification for key accounts
  • avoiding pop-ups, unknown emails and unverified attachments or links
  • following company procedure for data storing and sharing
  • enabling anti-virus and firewall protection on all devices.

3. Specify data ownership rules

Although it may seem obvious that your business owns the information stored on the servers of your employee's access, problems can arise if personal devices need to be wiped in the event of a data breach.

Your BYOD policy should clarify that you have the right to access and wipe data on personal devices in the event of a cybersecurity incident.

4. Define a service policy for employees' devices

Make sure employees understand the rules and boundaries around support for personal devices. Consider:

  • What level of support will you provide to connect employees' devices to your network?
  • What kind of support will you provide for updating or repairing devices?
  • What will happen if a problem with a personal device is preventing an employee from accessing critical apps or data?
  • When are employees responsible for managing their own devices?

Answering these questions up front in your BYOD policy can help avoid confusion when it comes to onboarding and handling device issues.

5. Implement an employee exit strategy

Consider what will happen when employees using their own devices leave the business. How will you enforce the removal of access tokens, email, data and other proprietary information?

Depending on your business requirements, this could be a case of disabling access as part of your employee exit checklist, or you might choose to do a full wipe of the device. If you decide to make wiping devices mandatory, you should also have a clear strategy in place for backing up and restoring employees' personal data.

With a strong policy in place, you can take advantage of all the benefits of BYOD while minimising the potential pitfalls.

Free Online HR Solution

Manage your employees with ease using our free Online HR Tool for up to five employees. Assign contracts and policies from an extensive library of legal documents, add performance KPIs and more. To get access, simply join Business Australia as a free member.

Already a member? Get started

Found this useful?

Subscribe to our newsletter and receive the best business tips and articles straight to your inbox.

Thank you for signing up to our newsletter. You're one step closer to receiving more insightful information to help better your business.

We take your privacy seriously and by subscribing to our newsletter you agree to the terms of our Privacy Policy available below.