BYOD: the good, the bad, and the ugly

BYOD – Bring Your Own Device – is fast becoming common in the business world, thanks to the ubiquitous nature of mobile computer devices in our society. But companies need to develop careful BYOD policies before allowing employees free rein to do their work on their own smart phones, tablets, or laptops.

It started a good decade ago with employees bringing their phones and tablets to the office for personal use. A small step later, those devices were being connected to company files and being used for work. Today, it is estimated that 81 percent of Americans use their personal mobile device for some aspect of their work. That number varies by industry and region. According to a recent survey by Cisco, more than 95 percent of people in the education industry use their own devices for work. Companies in developing countries have adopted BYOD more enthusiastically than companies in the developed world. European businesses seem the most cautious. In Germany and France, only about 50 percent of knowledge workers use personal mobile devices in their jobs.

BYOD has some clear advantages. Capital cost savings is the most obvious. But perhaps even more important are increased productivity and employee satisfaction. Workers get to use the devices they know and like. Those devices are usually more up-to-date than equipment provided by employers, and they are upgraded more frequently than employer-provided devices.

Of course, BYOD also has some serious disadvantages, the most serious of which may be potential security breaches. For example, what happens to your company’s security if the employee loses his mobile device?  In addition, how does a company control the acceptable use of a device it doesn’t own?  And how does the company retrieve its data when an employee leaves? Finally, BYOD can cause problems in businesses that must adhere to compliance mandates such as PCI DSS, and HIPAA.

Then there are the ugly problems. Once a personal device is used to store company information, that company may become liable for any information on the device. An employer may be held liable for an employee’s misdeeds on his personal device because that device is also used for work.

With the growing popularity of BYOD, it is imperative that companies establish policies for personal device use. Recently, CIO magazine published this list of BYOD policy suggestions:

  1. Specify What Devices Are Permitted.
  2. Establish a Stringent Security Policy for all Devices.
  3. Define a Clear Service Policy for Devices Under BYOD Criteria.
  4. Make It Clear Who Owns What Apps and Data.
  5. Decide What Apps Will Be Allowed or Banned.
  6. Integrate Your BYOD Plan With Your Acceptable Use Policy.
  7. Set Up an Employee Exit Strategy.

For more information on these suggestions, go to: CIO magazine.