Is Your Organization Ready for The Bring Your Own Device Approach?
More employees than ever before are using personal devices for work purposes so they can get more done in less time. And given that the BYOD (“Bring Your Own Device”) approach helps organizations cut costs and increase productivity, it’s not surprising that employers are on board, too. In fact, a Gartner survey predicts that by 2017 half of employers will formally require their employees to supply their own device for work purposes; joining the millions of others who already do it voluntary.
However, not everyone is celebrating the BYOD revolution. IT staff are justifiably concerned that mobile devices and, particular, the apps that employees use to check email, connect with colleagues, and carry out other tasks and activities are security vulnerabilities. As highlighted in a recent article on SiteProNews.com:
Perhaps the biggest way that BYOD can cause a problem for businesses is the security issues it raises. With BYOD being part of the office for a number of years now, industries are getting solid data on where to focus their attention, and security is easily the most concerning. In one security survey from this year, an incredible 95 percent of organizations said they had difficulty overcoming the security challenges that BYOD presented to them. Equally concerning is the 82 percent of respondents that said that despite the large number of security incidents in 2014, they expected an even larger number of incidents in 2015.
Despite the security concerns, turning back the clock and banning BYOD is not a practical reaction.
A Cisco survey found that 90% of employees are already comfortably sitting on the BYOD bus. What’s more, a survey by network security company Fortinet found that 51% of Gen Y employees (those defined by the survey as between 21-31 years old) admit that they would circumvent any policy prohibiting the use of their beloved device for work purposes.
Given that BYOD is only going to become more prevalent in the years ahead, it falls upon HR to work with their colleagues in IT, legal and other departments to draft robust, realistic and enforceable policies.
Here are some key things to bear in mind during this process:
- The policy must help employees understand that the risks of BYOD go beyond data theft. Even if the data is not used by cyber criminals, the fact that it was stolen or even vulnerable to theft in the first place could cause the organization to be in breach compliance laws. As such, employees need to be trained on the legal implications of circumventing appropriate use policies.
- The policy must include some agreement that enables the organization to remotely wipe data in the event that an employee’s personal device is lost or stolen; which is something that will occur more often as more of these devices are used.
- The policy must clearly explain how employee-owned devices will be secured in the event that an employee is terminated or quits. Many employees don’t want to let IT staff near their personal device at any time; but particularly when they’re on the way out the door (or have left already). However, company-owned data belongs to the organization and there must be an agreed upon way to collect and then erase it.
- While it’s wise to do additional research (there are good BYOD policy-related articles on www.CIO.com and www.Fortune.com, for example), this is not a DIY effort. Get legal advice to ensure that the policy is complete and legal. Otherwise instead of compliance and safety, organizations could face complaints and lawsuits.
Like it or not — and again, most employees love it – BYOD is here to stay. As such, the question that organizations must ask is no longer “do we really need a BYOD policy?”, but instead “how quickly can we put a BYOD policy in place?”
About The Author:
Michelle Ventrella. HR Director, PIVOTAL Integrated HR Solutions. Michelle is a visionary HR professional with over 10 years of in-depth experience leading, developing, delivering, managing and strategizing HR solutions at all levels.
Opinions expressed in this article are those of the author and not of The HR Gazette or its team members.