Creating A Bring Your Own Device Policy
Written by Mark Swartz
Hard enough keeping folk (you included) from letting intruders into protected devices the company issues. Those fancy mobile phones, laptops and tablets are vulnerable to attack. Takes just one smart hacker to wreak havoc.
With a Bring Your Own Device (BYOD) regime, it’s even likelier for breaches to happen. People load all sorts of crap to their personal contraptions. Super snoopy social media apps. Spyware and malware. Protecting privacy can be a nightmare.
Want to please the massive BYOD crowd without leaking secrets? Put in place a firm policy that dictates do’s and don’ts.
Assess Privacy Risks
Younger workers, especially, are married to their own devices. But there are risks involving the collection, use, disclosure, storage and retention of personal data. Also, the threat of info theft and hacks into company servers. Have an IT pro or ethical hacker assess vulnerabilities, and advise on possible solutions before going BYOD.
List The No No’s
Some employers go as far as decreeing which apps must (or can’t) be used. That’s stretching it. However, spelling out the preferred privacy settings isn’t.
Of course, porn’s prohibited on company time. So’s game playing, leisure reading, and personal social media or calls. It’s also fine to specify if cameras must stay off for business and to ban certain types of websites while connected to the company network.
Consider Centralizing Security And Updates
Different browsers, apps and software make privacy protection harder than herding cats (or virus-concealing cat videos). Except there are tools for making sure every user’s safer.
Put in place an enterprise-grade system that helps regulate and manage access to company platforms. It could also automatically upload required business apps and updates. Plus it adds a nifty way to message people across the organization.
Every BYOD’er uses strong passwords and their devices self-lock when idle more than five minutes, right? As if. So make these things mandatory.
Jailbroken (iOS) or rooted (Android) devices could be strictly forbidden from accessing the network. Employee access to your network and confidential info could be limited by role. Every device should be remotely wipeable – in case of emergency, loss, policy breach or employment termination.
Take Labour Laws Into Account
Part of staying safe is protection from shocks. Are you getting hit up for unexpected overtime pay? It’s a prospect when employees keep using workplace apps and tools after hours. Usage expectations got to be clearly identified in your BYOD policy.
Be Firm On Reimbursement
When supplying the equipment, an employer usually pays the shot. That includes devices, phone and data plans, ISP fees and obligatory apps.
With BYOD users that changes. Tell them what percentage or amount of the above will be subsidized or paid for. Also, let them know if roaming charges and plan overages aren’t covered without approval.