And how can your IT department manage the risks without cutting into the perceived BYOD benefits? By planning ahead for the next employee departure.
BYOD layoffs: Plan for the future
If your company is in the happy position of not having to lay anyone off in the near future, then you have time to get a game plan together. Here is a rundown of policies and practices you should consider implementing to make the unfortunate event go more smoothly, while mitigating company risk.
Have a written BYOD policy
This is a simple idea in theory, but not an easy one in practice. TeliApp's Weiss says that it took his company three months to come up with their current policy. "It started off as a simple paragraph and turned into what felt like a three-page demand letter," he says.
Why did it take so long? TeliApp treated it like a software development project. After that one paragraph, Weiss and his management team began compiling what-if scenarios and incorporating them into the policy -- what Weiss calls the policy's "alpha testing." Once the team discovered they hadn't thought of everything, they expanded the BYOD policy to include the real-life situations that arose. After this beta period, the policy was set.
For managers looking to establish a BYOD policy, here are some of the issues to consider:
- Defining "acceptable business use" for the device, such as which activities are determined to directly or indirectly benefit the business.
- Defining the limits of "acceptable personal use" on company time, such as whether employees will be able to play Angry Birds or load their Kindle's ebook collection.
- Defining which apps are allowed or which are not.
- Defining which company resources (email, calendars, and so on) may be accessed via a personal device.
- Defining which behaviors won't be tolerated under the rubric of doing business, such as using the device to harass others on company time, or texting and checking email while driving.
- Listing which devices IT will allow to access their networks (it helps to be as specific as possible with models, operating systems, and versions).
- Determining when devices are presented to IT for proper configuration of employment-specific applications and accounts on the device.
- Outlining the reimbursement policies for costs, such as the purchase of devices and/or software, the worker's mobile coverage, and roaming charges.
- Listing security requirements for devices that must be met before personal devices are allowed to connect to company networks.
- Listing the what-ifs, including what to do if a device is lost or stolen, what to expect after five failed logins to the device or to a specific application, and what liabilities and risks the employee assumes for physical maintenance of the device.
Consider other employee policies
Most companies have established noncompete, confidentiality, and nondisclosure agreements. With these legal protections in place, Weiss says, your employees are already constrained from walking off with a company's intellectual property and using it for their personal gain.
Monitor where your data is going
This is where IT can shine. By setting up shared company file servers and as well as protocols for who can access files and how, IT can monitor people accessing any locally hosted files.