9 elements of a BYOD policy you need to know

Posted by: Schepisi - Friday, October 24, 2014

Most of us are armed with it.

We’re using it to reply to emails on the morning ride to work...

We’re using it to check Twitter and Facebook when we’re procrastinating on a Friday afternoon (we’re all guilty)... 

And we’re using it to frantically type genius thoughts when they pop into our heads in the middle of the night...

Of course, it’s that smartphone we just cant seem to put down! 

The action of using your own personal devices has been slowly rolling out into workplaces for a few years now, but 2014 is really the year when businesses are recognising that there may be a productivity and connectivity ease for employers and employees alike when members of staff are granted permission to bring their own smartphone (or notebook, or tablet, or PC!) to use for business.

How many of those devices do you have? I have all four. It wouldn't be surprising to find most reading this have all four, too!

Bring your own device

Bring your own device is a “shift in corporate culture”, but it mightn't necessarily be for every business.

For your business, it might be as simple as getting a couple of smartphones for those who are in and out of the office often. 

Or maybe it’s more complex than that, where employees are using their own notebooks during day-to-day work, meetings, and interviews. They’re using personal devices for work purposes while connected to your office’s secure network, but then that that device home at the end of the day and use it for personal use, too.

No one knows your business better than you, so have a read through the following questions, and see what kind of answers you come up with. Do you need a BYOD policy to regulate employees’ devices? I really need to worry about a BYOD policy?

What’s the point? you may ask. Good question. Here’s the good answer:

A policy monitors non-business delegated devices, and it not designed to restrict users, but to govern these devices to ensure they are not only being safely and appropriately used, but are also of value to business workflow.

Erm, what? Yep, that’s the ho-hum, technical version - the version that encompasses all the questions you need to consider. 

We’ve broken down the components of the policy to clearly identify the main points you need to think about when employing BYOD in your workplace.

Do these points get you thinking? 

1) Authorised devices

First things first: which devices (and how many) can employees bring?

The most common ones you’ll need to think about are smartphones, notebooks, tablets, and PCs. We’ll call them the ‘core four’.

Where is the line drawn? Do you want to set a limit per employee? Do all devices need to be approved and recorded in writing? 

bring your own device

2) Authorised apps

Think carefully here about your business, and consider which apps you use to better manage workflow, as well as those which impact productivity.

It might actually be a good time to conduct a bit of an ‘app audit’, and ditch the apps that are no longer providing the value they may have in the past, and make sure all apps are operating in their most current version (app updates regularly patch up security vulnerabilities, too).

3) Selling a device

When the time comes for users to either upgrade or replace an older device, you need to establish whether they are able to sell the device themselves, or whether it needs to go through you first.

Many companies will opt for the latter, so they can wipe the devices themselves to ensure no business data remains before the phone is sold, donated or destroyed. Will employees be reimbursed for the sale? 

4) Reporting software and app malfunctions, bugs or problems

The simpler you can make this process, the better for everybody! Encourage users to report any bugs as soon as possible so the issue can be resolved as quickly (and with as little disruption and downtime) as possible.

5) Who pays for what?

Here, you need to make it clear who is responsible for the spend each device incurs. A smartphone that is used for personal and business might be reimbursed for half of its monthly spend. What’s fair to the user, and viable for your business? Make sure you clearly explain which charges you will and will not reimburse.

Tangoe’s expense management system can help you navigate through this tricky path!

6) Moving files onto other devices

State in your policy whether you forbid or allow employees to move files to ‘foreign’ devices, that is, other devices that have not been registered by, or are not known to, the company. The risk here is unsolicited viruses or hacking and data loss.

7) Password and pass code protection

Do you want all users to lock their devices with pass codes and passwords? This simple enforcement can help enhance security and keeps data safer.

Beyond this, you will also need to determine how often you want passwords changed, the characteristics of a suitable password (character length, special characters, numbers, capital letters, etc.), and what happens after several failed password attempts - do devices ‘lock-out’ users? 

8) Reporting stolen or lost devices

Uh-oh. A device has been lost or stolen. Who do we report this to? Will the device need to be remotely wiped?

9) Employee departure and resignation

“What happens to my device if I leave the company?” Generally speaking, devices can be wiped of business data and the phone can leave with the employee. The policy needs to explicitly say that the company has the right to do this in the case of employee departure or termination.

byod policy

No policy = a recipe for disaster!

A poorly defined and poorly enforced BYOD policy is a recipe for disaster. Leaked data, lost devices, security compromises, spend and billing disparity and lost files are some of the nightmares associated with an unclear - or poorly enforced - policy. 

That’s right: one half of the work is creating and defining the policy, but the other half is actually enforcing it. The first thing you need to do after you create your policy is to get users to agree to it!

But then how will you go about periodically checking to ensure all policies are being followed and that your BYOD strategy is, ultimately, streamlining your work? Will you have an audit every year? Every quarter? Every month? 

At the end of the day, no matter what devices you and your employees are using, you have stuff to do. Bring Your Own Device, paired with a strong and clear BYOD policy, should ease the pressure and solve the confusion of corporate and personal integration!

Now what?

Ready to take the first step? Reach out! 

Schepisi is an Australian Telstra Business Partner