More Remote Workers Increases the Need for Effective BYOD Policies
Businesses are increasingly reliant on mobile computing and on employees’ using their own devices for work purposes. Making sure company data remains safe when accessed through those devices is critically important. Updating “bring your own device” (BYOD) policies and ensuring employees are aware of them is one step towards increasing security of mobile devices.
Employee Resistance to Device Usage Policies
It’s common for employees to be resistant to corporate policies surround use of their own devices. First, corporate control over corporate data on the devices can risk exposing the employee’s own personal data to their employer, as well. In addition, mobile devices are personal, and employees’ have their own preferences about how to use them and which apps they want installed. The controls necessary to safeguard business resources can limit the ability of employees to customize their devices in ways that feel right to them.
Overcoming this resistance requires careful communication with employees. It also requires making sure the policy is crafted as narrowly as possible to impose only necessary restrictions on employees. By using tools such as mobile device management software, businesses can achieve fine-grained security controls without using disruptive measures such as completely wiping a device.
Crafting an Acceptable BYOD Policy
There are some steps a business should take to make sure their BYOD policy both protects the business and acknowledges employee privacy concerns:
1. Establish your goals
Make sure you know what you need your BYOD policy to accomplish. This requires knowing how many employees will work on their own devices as well as your risk tolerance and vulnerabilities. That data can guide you in determining how strict your policy needs to be and how much you want to spend on technology to enforce it.
2. Understand the reasons for mobility
There are multiple use cases for mobile computing, ranging from the employee’s convenience to a business need to operate while business locations are shut down. Some users may work on corporate devices. Some may work from a single remote location; others may move between sites, or access resources at varying hours. Policies need to take into account these usage patterns.
3. Leverage technology to implement controls
Mobile device management software allows you to restrict the kinds of devices that access your network as well as the capabilities of users who are connecting remotely. This software also enables segregation of business and personal data, and provides the ability to erase just the company data if a device is lost or stolen.
4. Identify user responsibilities
The effectiveness of any technology or policy depends on the actions of the people using it or bound by it. Identify user responsibilities, such as using passwords, enabling screen lock after short idle periods, and only downloading apps from approved app stores.
5. Communicate with users
Most employees want to do the right thing, so make sure you communicate the policy to them. Don’t just dictate rules and requirements; explain how each policy item protects the business. Be clear about how much access your team has to any personal data and if that data may be wiped by the business. Require employees to sign a statement acknowledging that they’ve read and agree to abide by the terms.
Mobile computing is increasingly important in today’s challenging business environment. Prescient Solutions’ mobile services help businesses implement effective mobile security policies and support users in working productively on mobile devices. Contact us to learn how you can create a BYOD policy and safely leverage the power of mobile computing.