A BYOD (bring-your-own-device) policy is, essentially, a set of rules governing an organization’s IT department’s level of support for employee-owned PCs, smartphones and tablets utilized to conduct company business.
95% of the 600 IT and business leaders in the US surveyed for the latest Cisco IBSG Horizons Study indicated their organizations permit employee-owned devices in some way, shape or form in the workplace. This study also concluded that the average number of connected devices per knowledge worker is expected to reach 3.3 by 2014, up from an average of 2.8 in 2012.
The consumerization of IT has created the need for the development of bring-your-own-device policies. The fact is, employees use their own PCs and mobile devices for business tasks whether your IT department support them or not. Creating a BYOD policy can help control this usage and mitigate its security risks.
Some things to think about before developing a BYOD policy include:
- What devices you’ll need to support
- How much access you will give employees
- How to ensure company data is kept safe
- What kind of budget you are able to allocate to this project
Other things to take into consideration while creating a BYOD policy for your business include:
Review Current Security Policies
You may not have to create your BYOD policy from scratch, take a look at your current security policies for web applications including email, CRM and VPN as well as policies regarding the use of personal laptops. Many of these will also apply to the use of mobile devices. Continue to build upon your BYOD policy from there.
Let’s be realistic, while a thoroughly written security policy will surely yield a healthy stack of paper, the likelihood that most of your employees will read it, is pretty low. It’s more likely that they will just skim and sign it without fully understanding all that is expected of them. Try creating a summary page that clearly lays out what the responsibilities of the employee are and require the employee to initial each point to indicate agreement. Then you can go ahead and list out all of the details and definitions behind it so that employees have full disclosure available to them upfront.
Determine Which Apps Are Off-limits
There are currently hundreds of thousands of apps available in the Apple, Android and other markets. You’ll need to decide if there are any specific applications or class of applications that you want to keep off the device. Provide a white list/black list of apps so that employees know what they can and cannot install on their devices.
Let’s face it, no one will make an effort to comply with your policies if there are no consequences for noncompliance. Will the employee be denied access to the network, be excluded from participating the BYOD program or possibly even be terminated for noncompliance?
Provide Training and Support
Conduct training sessions with employees to review your policy and give them a chance to ask questions. Ensure that they understand how to correctly use their applications, make the most of their mobile capabilities, and watch for security threats..
As technology continues to evolve, so will BYOD policies and practices. By creating policies early you can lay a solid foundation as well as provide the flexibility you need to ensure that your security requirements keep up with the changing trends. Be sure to update the policy as new devices and apps become available and keep employees in the loop; awareness is the key to keeping users knowledgeable and compliant for a safe and satisfying BYOD experience.