What You Need to Consider before Adopting a BYOD Policy
Companies often let employees use their own devices for work. One study by Crowd Research Partners found that 72% of the 800 companies surveyed allow at least some employees to do so.
While Bring Your Own Device (BYOD) policies are popular, adopting this type of policy is not a matter of simply telling your employees they can use their own mobile phones, tablets, and laptops for work if desired. You should understand the advantages and disadvantages of implementing a BYOD policy as well as what it entails. Only then can you make an informed decision about whether it is right for your business.
Here is what you need to consider before adopting a BYOD policy.
Employees Will Likely Be Happier and More Productive
Increased employee satisfaction, productivity, and mobility are the main reasons why companies adopt BYOD policies, according to Crowd Research Partners' "BYOD & Mobile Security Report". Letting your employees use a mobile device of their choosing rather than being assigned an arbitrary one can boost their morale. Moreover, they will likely be happy about not having to carry around company devices in addition to their own devices.
Adopting a BYOD policy might also improve your employees' productivity. Most people are very familiar with their device's features, capabilities, and quirks, so they can work faster and more efficiently when they use them. Plus, employees are more apt to check work emails and do other tasks during off-hours, which can increase their productivity.
The Amount of Money Saved Won't Be Huge
While shifting device costs to employees can save businesses some money, it rarely results in huge savings for several reasons. For starters, mobile device purchases make up only a small percentage of the overall IT budget in most companies. Plus, these purchases might not even be an annual expense if businesses upgrade their devices infrequently. Finally, the savings gained from shifting hardware expenses to employees can be eroded by the costs incurred from securing and supporting their devices.
The bottom line is that you should not adopt a BYOD policy for the sole purpose of saving money. If you do, you will likely be disappointed in the amount saved.
Security Issues Will Need to Be Addressed
Companies face several security issues when they let employees use their own mobile devices for work. Potential problems include:
- Employees not installing anti-malware software on their devices, which results in them unintentionally uploading malware to their companies' networks
- Staff members losing their devices and the company data on them
- Cybercriminals obtaining credentials when employees unknowingly use malicious hotspots to connect to their companies' networks
- Employees downloading apps that contain security vulnerabilities that hackers can exploit
- Staff members using their mobile devices to steal intellectual property
You need to address these security issues if you let your employees use their own devices for work. (Even if employees use company-provided devices, you still need to address many of them.) Not doing so will put your business at greater risk of cyberattacks, insider threats, and even regulatory or legal action if sensitive data is lost.
IT Support May Need to Be Provided
Companies that have BYOD policies provide different levels of support for employees' mobile devices. For example, out of the 800 companies represented in the "BYOD & Mobile Security Report", 15% provide full support for all types of mobile devices, while 23% do not provide any assistance at all. The remaining companies provide ad hoc support (32%), limited assistance for only certain models (27%), or some other type of help (3%).
Before you adopt a BYOD policy, you should determine how much support you want to provide. Not providing any assistance is risky because you are relying on employees to implement and maintain security measures on their own devices. Providing full support is the most secure approach, but doing so can be time-consuming for the IT staff and costly for your business.
Legal and Regulatory Issues Must Be Considered
If you are considering adopting a BYOD policy, there are several legal and regulatory issues you need to be aware of. Topping the list is that companies can be held liable when employees violate laws while using their personal devices. Perhaps the most famous case is a U.S. jury's decision to award $21 million in damages to a woman who was struck by a Coca-Cola delivery driver who had been talking on her cell phone at the time of the accident. The plaintiff's attorneys successfully argued that the company's mobile phone policy for its drivers was vague and that Coca-Cola was aware of the dangers of distracted driving, but it withheld this information from its drivers.
Businesses can also get into regulatory trouble. For instance, companies that do not put measures in place to protect sensitive data on employees' personal devices might be found in non-compliance with regulations such as the U.S. Health Insurance Portability and Accountability Act (HIPAA) and the European Union's General Data Protection Regulation (GDPR).
Further, labor laws also need to be considered. You should be familiar with the labor laws governing your area so that you can answer questions such as "Do I have to pay non-exempt employees overtime when they use their personal device for work during off-hours?" and "Am I required to reimburse part of the cost of employees' wireless voice and data plans if they use their own mobile devices for work?"
Implement a BYOD Policy That Is Beneficial to All
Although letting employees use their own mobile devices for work probably won't save your business a huge amount of money, it can be an effective way to boost employee satisfaction and productivity. It is also a good way to entice prospective employees, especially millennials who have grown up using their smartphones for all facets of their lives.
If you decide to adopt a BYOD policy, contact us. We can help you address the IT support and security issues.