BYOD Policies for Your Organization

09/09/2015

Bring Your Own Device (BYOD) programs call for three critical components: a software application for managing the devices connecting to the network, a written policy outlining the responsibilities of both the employer and the users, and an agreement users must sign, acknowledging that they have read and understand the policy.

The number of smartphone users across the globe will reach 2 billion by the end of 2015, according to many estimates. If you have yet to establish a program to allow employee-owned devices to access corporate networks, you may be feeling the pressure to do so now. So, how do you write an effective and secure policy?

Writing a BYOD policy is a great way for companies to lay the groundwork before giving employees’ smartphones and tablets access to the organization’s network. Questions that should be addressed by an organization’s leadership prior to launch include:

  1. Specify What Devices Are Permitted

Before the advent of all of the new smartphones on the market, most people just had their BlackBerrys, which made BYOD policy far simpler. With many more devices now in use, it is important to specify which ones are permitted. Should you really be saying bring your own iPhone but not your own Android phone? Bring your own iPad but no other phones or tablets? Specify which product lines you support and which you don’t.

  2. Security Policy

Most users resist setting passwords on their smartphones. However, phones connected to your corporate systems have access to too much sensitive information to allow unfettered swipe-and-go operation. If users want to use their devices, they will need to use a strong, alphanumeric password to gain entry. Check with your messaging administrators to see what device security policies can be reliably enforced with your software.

  3. Determine Who Owns Apps and Data

While it seems logical that your company owns the personal information stored on the servers that your employees access with their devices, ownership becomes more problematic when you consider wiping the device in the event it is lost or confirmed stolen. When you wipe the phone, all content, including personally purchased data, is erased forever. Does your BYOD policy make it clear that you assert the right to wipe devices brought onto the network under your plan? Do you provide guidance as to how employees can secure content and back it up if the phone or device is replaced?

  4. Integrate BYOD Plan With Acceptable Use Policy

Creating an acceptable use policy compatible with employee-owned devices is important for covering your bases. There needs to be a thorough outline of what content is permissible to use while plugged into the corporate network. These questions will help guide BYOD use policy:

  • What if your employees browse objectionable websites while on their device’s VPN?
  • What if they transmit, inadvertently or not, inappropriate material over your network, even though they’re using a device they own personally? What sanctions are there for such activity?
  • What monitoring strategies and tools are available to enforce such policies?
  • What rights do you have to set up rules in this arena?

  5. Establish an Employee Exit Strategy

Don’t forget about the data of employees who leave the company. How do you enforce the removal of access tokens, e-mail access, data and other proprietary applications and information?

It’s not as simple as having the employee return the corporate-issued phone. In this case, many companies choose to rely on disabling email or synchronization access as part of the exit interview and HR checklists, while more security-conscious companies choose to wipe the device before the exit interview.