Businesses of today are finding it necessary to implement well-thought out BYOD policies.

In this age of mobile devices and nearly instantaneous information gratification and communications, the notion of work productivity has greatly expanded. Unless you choose to shut down your personal mobile device when you take off from your workplace, you’re invariably going to continue to get a stream of emails, texts, or calls during “downtime.”

If your mobile device has access to client files, credit card numbers, or other sensitive data on your company’s server or in the cloud, just how vulnerable is that information should your device be stolen or lost? The answer is, “Very vulnerable.” And this is why BYOD (Bring Your Own Device) policies are hugely important to businesses.

In essence, BYOD policies are about risk management and ensuring client confidentialities. However, at the same time the device is a personal one, so a policy has to be sensitive to the privacy of the owner. This is truly a delicate matter of enabling off-site productivity and the freedom of one to use her own device for personal reasons, otherwise.

With a good BYOD policy it’s a win-win for both employer and employee. Employers benefit from having the cost of a device shifted to the employee and the employee benefits from not having to carry a work and personal mobile device.

In an interview with BizReport, Derek Yoo, CTO of ThinkingPhones, says an important consideration when building a BYOD policy is to “adjust to workplace expectations by adopting a friendlier user experience. This will encourage workers to use IT-approved security and productivity tools, thus avoiding employees going rogue and leaving IT in the dust.”

According to a MessageOps and Champion Solutions Group survey (news release) of the mobile security habits of 447 organizations compared to industry trends, standards, and best practices shows that:

  • A near even split of companies that do have a BYOD policy (47%) and those that don’t (53%)
  • For passwords, most companies prefer complex alphanumeric passwords of 6-10 characters
  • 77% of those surveyed have lock out policies for multiple (3-5) failed log in attempts
  • 72% required re-authentication for mobile devices that have been inactive for between 5-15 minutes
  • Most have provisions in place for expiring passwords and not allowing for the re-use of old passwords

If your organization is among the 50+ percent of those that have not established a BYOD policy, how do you get started?

In a recent post, Stikeman Elliott LLP covered 14 rules for rolling out a BYOD program. For brevity, let me go over the required pre-work that goes into the BYOD program.

  • There must be buy-in from senior management. Depending on the size of the business, the data that’s potentially at risk of being stolen, the time needed to develop the policy, and pre-rollout testing, it’s going to cost money to beef up mobile security. All should agree that this is – in this mad digital hacking world we live in – a necessary expense and move on.
  • In the development phase, all departments should be consulted. All involved must understand that a generic BYOD policy will not be effective enough to protect client data. From C-suite and HR to IT and information management, all teams should have input on the development of the policy. In the end, the policy needs to be easy to understand and communicated to employees, including training materials and training programs.
  • Proceed with caution. Allowing personal mobile devices to access privileged data can be a risky endeavor, regardless of safety measures implemented in a BYOD policy. In essence, employees absolutely must be mindful of and accountable for how they use their own devices.

Interestingly, the analyst firm IDC forecasts that by 2019 close to 2 billion smartphones will be shipped globally, with an estimated 60% of them being used in BYOD environments.

Implementing a BYOD policy is a business choice and it will come with a cost in research, training, and rollout. Not having a BYOD policy is a business risk – and in many ways. Not only is client data potentially vulnerable through loss or theft of one’s mobile device, but by failing to implement a good BYOD policy, your employees may not be as productive off-site, your business will incur increased costs for having to purchase work-specific mobile devices, and you may thus suffer a loss of competitiveness in the marketplace.

So get out there and start building your BYOD policy. Here are some resources for getting started:

How to create a BYOD policy for your company

7 Tips for Establishing a Successful BYOD Policy

BYOD: Build A Policy That Works


Kiffin Hope is a freelance digital marketing and social media strategist. He blogs on all things cyber, tech, and emerging trends in digital.

Print Friendly, PDF & Email