Doing BYOD right: How to establish a strong policy

11 December 2016


Bring your own device (BYOD) arrangements permit workers to use their own smartphones, tablets, laptops and other devices to complete their professional activities. They tap into corporate networks, applications and data from their personal machines. 

From an enterprise perspective, these strategies have multiple advantages, including increased productivity, efficiency, job satisfaction and performance as well as lower equipment costs.

Although many employees appreciate the chance to use the technology they're most familiar and comfortable with, BYOD does present some complications for enterprises. In particular, IT departments may lose some degree of visibility and control over corporate resources, potentially increasing the organisation's risk from viruses, data breaches and other network issues. 

However, BYOD seems to be here to stay, with research firms such as Gartner, Forrester and International Data Corporation (IDC) highlighting its growing popularity in the workplace.

In fact, IDC found that the BYOD market is rising steadily in the Asia/Pacific region, fueled by tablet and smartphone sales as well as the fact that 60 per cent of organisations have mobility policies that accommodate BYOD activities.

If your workers are prone to use their own devices to work with company materials anyway, it might be worth creating an official BYOD policy. How do you facilitate this option while mitigating the risks? 

Putting a strong policy in place 

Establishing a comprehensive BYOD policy is a critical first step in embracing this trend within your overall digital strategy. 

No two BYOD policies are exactly alike, but there are a few key elements to consider. Here's how to get started: 

  1. Identify the purpose of the plan. Knowing your business goals and objectives for a BYOD strategy will serve as the foundation for the rest of your policy. Are you trying to boost productivity? Retain talent? Save on IT costs? 
  2. Decide on your Enterprise Mobility Management (EMM) approach. This relates to a set of people, processes and technology to manage mobile devices, wireless networks and related services to enable use of mobile computing throughout the business.
  3. Determine whether it's an option or a requirement. Some organisations opt to have employees procure their own devices, rather than owning any company machines. In this case, they typically have reimbursement policies or give their workers stipends to cover the cost or make up for the additional wear and tear. 
  4. Choose which operating systems and devices are allowed. BYOD doesn't have to be a free-for-all. Depending on your IT system and applications, you might want to specify which types of gadgets your employees can use on the job to make support and security easier.
  5. Establish security protocols. From passwords to antivirus programs, work with your IT department to identify the necessary precautions and define the requirements. 
  6. Define ownership of data and applications. Your policies need to balance employee privacy with protection over corporate resources. For instance, you should establish expectations about personal content in the event your company needs to wipe the device if it's stolen. You'll also need to think about how you can control user access to accounts and set policies for whether company data can be stored on the device's hard drive.
  7. Select appropriate apps and programs. Enterprise mobility apps can boost productivity while establishing greater security. Not only should you implement the necessary tools, you might need to think about requiring workers to use your corporate apps rather than consumer-grade ones.
  8. Create a service policy. Will the IT department help employees with their personal devices? This can be particularly challenging if you don't restrict which machines are permitted, so be sure to set expectations appropriately.
  9. Prepare a training regimen. Having a policy isn't enough. You need to consider how to convey to workers the importance of data security and best practices for using their devices on the job.
  10. Plan an exit strategy. What happens to the device and its data when workers leave their jobs? Have a clear procedure in place to remove user access to accounts and apps and, if necessary, wipe the organisation's information from the hard drive. 

If you decide BYOD is right for your organisation, taking a proactive approach can help you lay the right foundation that supports its advantages while mitigating its risks.