‘Bring Your Own Device; (BYOD) has been around since cell phones first appeared on the business scene. When phones got smarter, software developers began creating apps. Over time, mobile device use has rivaled if not overtaken desktop use at work.
Mobile devices make up about 60% of the endpoints in a company network, according to Microsoft. These devices handle about 80% of the total workload, but when it comes to strong Cybersecurity measures, they are often neglected – and cybercriminals know it.
This becomes even more critical when dealing with employee-owned mobile devices. BYOD differs from company-owned mobile use programs and devices in that the company has less control. Instead of using company tools, employees are using their personal devices for work. Many businesses find this the most economical way to keep their teams productive.
Purchasing phones and wireless plans for staff is often out of reach financially for many Small and Mid-size Businesses (SMBs). It is also somewhat of a pain for employees to carry around two different devices for personal and work use.
It’s estimated that 83% of companies have some type of BYOD policy.
If you want to run BYOD securely, you need to have solid best practices in place. Too often, business owners don’t even know all the devices that are connecting with, and have access to, their business data - or which devices have company data stored on them.
You should certainly involve input and information from your IT services team when you go about creating a BYOD policy. Here are some tips to help overcome the challenges of BYOD. These should help you enjoy a win-win situation for employees and the business.
- Define Your BYOD Policy
- Keep Your Policy Current
- Use VoIP Apps for Business Calls
- Create Restrictions on Saved Company Data
- Require Device Updates
- Include BYOD in Your Offboarding Process
Define Your BYOD Policy
With no defined rules in place, you cannot expect BYOD processes to be secure. Employees may leave business data unprotected. They may connect to public Wi-Fi and then enter their business email password, exposing it to hackers. Devices can also be lost or stolen.
If you allow employees to access business data from personal devices, you absolutely need a policy to govern this practice. This policy protects the company from unnecessary risk and lays out specifics that reduce potential problems. For example, detailing the compensation for employees that use personal devices for work.
Keep Your Policy Current
Outdated policies become less relevant to employees. If they look at your BYOD policy and note that one directive is old, they may assume that all directives are obsolete. Do not let one old directive be the rotten apple that spoils the whole barrel.
Make sure that you keep your BYOD policy current. This means updating it regularly if any changes impact those policies.
Use VoIP Apps for Business Calls
65% of employees gave customers their personal phone numbers before COVID came onto the scene. This often happens due to the need to connect with a client when away from an office phone. Clients also may save a personal number for a staff member. For example, when the employee calls the customer from their own device.
This can be a problem for everyone. Customers should not have employees’ personal numbers. When the employee leaves the company, they may not answer customers who call. The customer may not realize why and hold it against the company. Or a customer may have a grievance and harass the employee.
This issue is easily avoided by using a business VoIP phone system. These services have mobile apps for employees which allow workers to make and receive calls through a business number, and the company retains control of that number.
Create Restrictions on Saved Company Data
Cybersecurity issues have been exacerbated by BYOD being used for remote work. While BYOD may have meant mobile devices in the past, it now means computers too. Remote employees often will use their own PCs when working outside the office – again, that means less control by the company and weakened security.
No matter what type of device employees use, it is imperative that you maintain control of business data. It’s a good idea to restrict the types of data that staff can store on personal devices. You should also ensure that it’s backed up from those devices.
Require Device Updates
One of the main ways hackers initiate a data breach is through devices that are not updated or patched. Any endpoint connected to your network can enable a breach, including those owned by employees.
Many businesses turn to endpoint management solutions to avoid the issues associated with ensuring that a device owned by an employee is kept updated. An endpoint device manager can push through updates automatically. This is easy for your IT services team to set up and allows you to protect business data without intruding on employee privacy.
The monitoring and management capabilities of these tools improve security. This includes the ability to safelist devices. Safelisting can block devices not added to the endpoint manager.
Include BYOD in Your Offboarding Process
Never let an employee retain access to company data, such as work emails received on their phone, when they leave your company Do they have access to company data through persistent logins? Are any saved company passwords on their device?
These are all questions to address when offboarding a former staff member. You should also make sure to copy and remove any company files on their personal device. Additionally, ensure that you deauthorize their device(s) from your network.
Frequently Asked Questions
What is BYOD example?
Smartphones are the most common devices by far. Other examples are laptops, notebooks, tablets, personal home computers for remote workers, and USB drives which store company data.
How does BYOD work?
It works differently in various industries. Most typical office environments provide company-owned desktops and limit BYOD to devices used remotely, such as smartphones, tablets, and laptops. In Real Estate Sales, it’s very common for realtors to bring their own laptops to the office and simply plug in to the network. Ultimately, BYOD gives employees the freedom to use tools they prefer. It is up to the employer to ensure that data is protected during transmission.
How do I create a BYOD policy?
Once you have chosen to allow BYOD in your organization, consult with your IT support provider to establish what Cybersecurity concerns need to be addressed. Your policy should:
- Establish the scope of the policy.
- Examine privacy protection.
- Outline Cybersecurity and compliance initiatives.
- Simplify the sign-up process.
- Establish reimbursement guidelines.
- Plan for ongoing maintenance.
Write your policy down before implementing it.
What should a BYOD policy include?
BYOD practices can become chaotic, so these 7 concepts should be included in any BYOD policy:
- Specify permitted devices
- Clearly outline who owns company information on the device
- Determine permitted/unpermitted apps
- Establish phone number ownership
- Determine payment/reimbursement structure
- Establish uncontestable security requirements
- Practice flexibility
File-sharing software company TitanFile further defines these concepts HERE.
How secure is your network?
As a longstanding, reputable member of the Charlotte IT Support community, ITFirm.com offers a FREE, no-risk network and Cybersecurity assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation ever to use our IT services.
The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.
We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
Among the Managed IT services we provide:
IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
Planning an Office Move?
We have the experience to ensure a seamless transition. Your employees will arrive at the new location to find their IT infrastructure ready and open for business! For more information, or to receive your FREE no-risk network and security assessment, just fill out the form on this page or call us at:
704-565-9705
