Small and mid-sized businesses have jumped on the bandwagon of allowing broad usage of individually owned mobile devices, like smartphones and iPads, for access to corporate applications and data. A win-win BYOD policy can save SMBs money in capital expenditures and save the employee from having to carry yet another device for work. To maintain security and efficiency, it is essential that SMBs thoroughly think through the technology involved and put in place a formal policy regarding usage of personal devices for work purposes.
Here are some suggested guidelines for developing a successful BYOD policy:
Determine what the device will be used for, including what data and which applications will be accessible by the device. Your IT team should do an assessment to determine if you have the technology in place to support secure usage of a BYOD policy. Be clear on any device support limitations, including who is responsible for support of the device and the applications on the device. You may want to consider an acceptable use policy.
Will all employees be permitted to BYOD or should the policy be restricted to specific roles? Outline a clear plan on eligibility and the process for obtaining approval to use a personal device for work. Work with your IT partner to determine which apps will be available to which users and how each user will securely access the applications and data. Work with your legal team to put all employee risks and responsibilities in writing. BYODs come in all brands, shapes and sizes, so work with your IT provider to decide if your BYOD program will support all personal mobile devices or just specific devices (e.g. iPads only or smartphones only).
Determine whether participating employees are eligible for reimbursement on the purchase and/or replacement of the mobile device and then set a dollar limit for reimbursement. Anything over that limit is the individual’s responsibility. Set reimbursement limitations for monthly fees, services and repair. Determine who is responsible for choosing a payment plan: the individual or the company. Outline exactly which services are not eligible for reimbursement (e.g. ringtones, games, non-work-related applications).
What technology do you have in place to ensure security of the device and your data? Be sure to put a strict password policy into place. Consider how anti-malware will be installed and ask your IT partner for recommendations on vendors and versions of anti-malware programs. Determine how you will handle lost or stolen devices. Work with your IT partner to develop a process for decommissioning devices. Determine your wipe policy (i.e. wipe the entire device, apps or just corporate data). Be clear on the consequences should the BYOD policy be violated. Users should be encouraged to minimize the risk of losing personal devices or data.
These guidelines should be used only to get the ball rolling. Your IT partner should work closely with your legal team, human resources, upper management and top executives to develop and deploy an effective BYOD policy that fits your business’ financial goals and overall budget. All plans should take into account security, legal, regulatory, tax or other considerations that apply specifically to your company and its operations.