Bring Your Own Device (BYOD): the opportunities and the threats.
There’s no doubt that the advent of smartphones, tablet computers and laptops have dramatically altered the way millions of people access information via the internet. What’s more it is now having a major impact on business, as the idea of bringing personal devices to work becomes increasingly popular (known as Bring Your Own Device or BYOD).
Whereas IT departments used to drive technology, this ‘consumerisation of IT’ has resulted in a huge shift in IT culture, so that it is now the users that are getting the very latest technology and as a result they want to bring these innovations to work.
While there are many advantages to bringing personal devices into the workplace or using them offsite when they take their work home, it also raises a number of issues especially with regard to the protection and privacy of company data.
To help you take control of this growing trend so that you can make the most of BYOD while avoiding the pitfalls, we have compiled this informative guide covering the advantages and the disadvantages, together with a summary of how best to embrace this growing trend with complete confidence.
The advantages of Bring Your Own Device
- Personal devices tend to be more state-of-the-art; as users upgrade both hardware and software applications more often an organisation’s internal refresh cycles. As a result both employees and employers get the benefit of the latest features and capabilities
- Employees generally purchase their preferred devices and have invested a great deal of time and money is personalising them to suit their individual requirements. Most employees want to use their own devices, rather than being handed the laptops and mobile devices that are issued by the IT department
- With employees paying for the majority, if not all of the costs, companies can save as much as £50 per employee every month
- Many employers believe that employees will object to paying for the devices they use at work. Yet according to a report from the technology experts at good.com, over half of all organisations that embrace BYOD and require employees to cover all costs, state they are more than happy to do so
The disadvantages of Bring Your Own Device
- While employees may prefer to use their own devices, organisations can lose control over the IT hardware and how it is used
- Devices which are issued by the IT department generally come protected by in-built security and regularly updated by the IT department. According to the techbizeconblog an astonishing 93% of tablets and 84% of smartphones connected to corporate data have no security software installed.
- Organisations that fall under data compliance mandates have overall responsibility for information security and safeguarding specific data. As a result any compliance and policies must be extended to personally owned devices
- To protect the company intranet, gated access is recommended in order to prevent unauthorised use
- Determining what is acceptable use of personal devices raises many questions and a lot of grey areas
- When an employee leaves the company for whatever reason, retrieving company data can present problems with personally owned devices. A process is required that selectively deletes business data and applications while leaving all personal data intact
One of the main advantages of BYOD has often been touted as increased worker productivity, but a new report has cast doubt on this assertion. According to Nucleus Research being able to use personal devices may not make employees much more productive after all; with only a handful of companies surveyed reporting a positive return on investment from BYOD policies. This is because device costs are believed to make up less than 10% of an organisations mobility spend; the other 90 per cent covering voice and data charges, support costs, developer costs and software; furthermore, BOYD can actually increase these costs.
Whether or not BYOD serves to increase productivity is still open for debate, but the fact is it is a growing trend and many companies are accepting personal devices into the workplace and as a result it is an important issue that needs to be addressed.
How to make the most of the opportunities and avoid the threats.
As with most changes in the way an organisation operates, the secret is to plan ahead.
The change in how people work and the devices they are using, means that it is essential IT departments establish BYOD guidelines. A clearly defined policy for BYOD must state in advance what the requirements are for the use of personal mobile devices in the workplace; first and foremost to protect company security as employees access email and other corporate data but also to identify and clearly define the boundaries with respect to personal use.
The only way to achieve this is to establish your requirements and clearly lay out the rules and regulations, this way you can avoid all the pitfalls and reap the benefits.
Below is an example of policy guidelines for BYOD
- Use discretion to determine which employees may use personal devices in the workplace as it may not be appropriate for all employees
- Personal devices should be pre-approved by your IT department
- All personal devices should be screened to ensure they have security software installed which is regularly updated. Minimum security requirements, or even a mandatory company-sanctioned security tool should be a pre-condition for allowing personal devices to connect to company data and network resources
- Protect the company intranet by introducing gated access
- Employees should be advised to exercise discretion as it may be distracting to co-workers
- Personal use should be confined to breaks and meal times
- Make employees aware that your company is not responsible for the damage, loss or theft of personal devices
- Employees must never use text messaging or multimedia messaging services when sending company data from personal devices, unless cleared to do so by the IT department
NB: These sample policies are for information purposes only and should not be relied on as legal advice, as certain provisions may not be appropriate for your organisation’s particular situation.