Thursday, January 9, 2014

Critical Issues to Spell Out in a BYOD Enterprise Policy

illustration by Dan Page
You can't stop people from bringing their mobile devices into a company network. Period.

Seven out of ten companies today are facing the reality of having to define policies and employee rules for personal devices interacting digitally with the company network, states If a company can find a way to keep personal mobile devices relatively safe for the company network, their use can be advantageous, especially in reduced equipment costs for a business and increased productivity.

Luckily there are a variety of Mobile Device Management and Mobile Application Management solutions that enable them to do so. But even with these solutions, it’s important for companies to spell out clear policies.

Define the Critical Parameters

There are a number of big, hot-button issues companies have to define when instituting a BYOD policy. Ignore these issues and there will be headaches later on, particularly with employee behavior as well as network intrusion risks. The parameter issues include:

  • Define Allowed Devices: Whether that be Android phones or Apple devices or some other type, choosing a particular platform keeps support from getting out of control. Unsupported phones should also be specified. They may still work with the network but no support will be provided to help with technical issues. 
  • Spell Out Damage Policies: The most cost-effective approach is to simply tell employees they use their own device at their own risk. If they are worried about damage, employees in positions required to use a phone can use a company phone. Otherwise, the risk is borne by the employee, not the company. 
  • Have a Nuclear Option: If a user wants to connect to a company network, he or she needs to agree that the company has the option to remotely “wipe” the phone of any company data. The BlackBerry Enterprise 10 allows for the option of a wipeout. The average data loss impact for small business companies is over $125,000. Big companies lost an average $430,000, according to If a wipe occurs, any company data, emails, contacts and photos will be cleared completely from the given phone. Employees have to be willing to accept this approach. 
  • Watch Out for Local Laws: Different states and countries have different rules about tracking or affecting someone’s private phone. Employees should be required to sign a waiver allowing a company digital access to a personal phone if they want to connect it to the business network. 
  • Spell Out Employee-Use Policies: Who pays for damages if a worker answers or texts for work on a phone while driving and gets into a car accident? A company needs to have a set and clear policy on what sort of employee behavior is allowed by the company, even with their own devices. Without it, the business could easily find itself liable in the example above. 

Make It Clear

The most successful BYOD implementations involve companies that make it clear how employees can interact and should behave with company access. Granted, there will always be a few black sheep workers who never seem to listen properly. However, for the majority, a lot of headaches can be avoided by spelling out all the details of use and the company's rights well ahead of time. Then, when a phone is nuked because it seems to be compromised, it will be unfortunate but understood as a necessary defense.

Idan Hershkovich is Online Marketing Manager at Magic. He’s an early mobile adopter and an Apple fanatic. 
Magic provides powerful and versatile enterprise-grade, application, enterprise mobility and data integration solutions.