Bring Your Own Device (BYOD) programs call for tree critical components: a software application for managing the devices connecting to the network, a written policy outlining the responsibilities of both the employer and the users, and an agreement users must sign, acknowledging that they have read and understand the policy.
The number of smartphone use across the globe will reach 2 billion by the end of 2015, according to many estimates. If you have yet to establish a program to allow employee-owned devices to access corporate networks, you may be feeling the pressure to do so now. So, how do you write an effective and secure policy?
Writing a BYOD policy is a great way for companies to establish a groundwork before giving employees access to smartphones and tablets on their organization’s network. Questions that should be addressed by an organizations’ leadership prior to launch, include:
Before the advent of all of the new smartphones on the market, most people just had their Blackberrys – which made BYOD policy far simpler. Therefore, it is important to specify which devices are permitted. Should you really be saying, bring your own iPhone but not your own Android phone? Bring your own iPad but no other phones or tablets? It is important to specify which product lines you support – and, those you don’t.
Most users resist implementing security passwords on their smartphones, however, businesses simply have too much sensitive information to which phones connected to your corporate systems gave access to allow unfettered swipe-and-go operation of these phones. If users want to use their devices, they will need to use a strong, alphanumeric password to gain entry. Check with your messaging administrators to see what device security policies can be reliably enforced with your software.
While it seems logical, that your company owns the personal information stored on the servers that your employees access with their devices, it becomes more problematic when you consider the problem of wiping the device in the event it is lost or confirmed stolen. When you wipe the phone, all content including personally purchased data, is erased forever. Does your BYOD policy make it clear that you assert the right to wipe devices brought onto the network under your plan? Do you provide guidance as to how employees can secure content and back it up if the phone or device is replaced?
Creating an acceptable use policy compatible with employee owned devices is important for covering your steps. There needs to be a thorough outline of what content is permissible to use while plugged into the corporate network. These questions will help guide BYOD use policy:
Don’t forget about the data of employees that leave the company. How do you enforce the removal of access tokens, e-mail access, data and other proprietary applications and information?
It’s not as simple as having the employee return the corporate-issued phone. In this case, many companies choose to rely on disabling email or synchronization access as part of the exit interview and HR checklists, while more security conscious companies choose to wipe the device before the exit interview.