BYOD (bring your own device) - where employees use personally owned devices to do their daily work – is a fast growing trend. In the US up to 40% of businesses have introduced BYOD, with most Australian businesses exploring their options. Driven by the constant proliferation of smaller, smarter and cheaper devices, BYOD shows all signs of becoming a workplace norm.
A formal BYOD strategy is essential to managing the security of multiple corporate-connected devices. For productivity gains, however, your BYOD strategy will need to go beyond security. Here is a practical checklist to help you achieve BYOD Best Practice. It might be a starting point for discussion with your Management and IT teams and/or Mobile Device Management provider.
Clarify expectations from BYOD.
- What are the benefits of BYOD for your organisation? For example, improved productivity, mobility, customer engagement, staff retention and recruitment, business process improvement.
- How will employees benefit from BYOD? Are they interested in teleworking? Are they motivated by device choice at work?
Balance BYOD benefits with risks.
- What are the security implications of non-corporate devices accessing and distributing company data?
- Will BYOD reduce hardware costs? Will any savings be offset by program management costs?
- Are there any legal implications? Consider compliance and government regulations, Privacy Laws and protection of personal data, software licensing, Freedom of Information Laws in the event of a dispute.
- What type of devices will be supported, eg. home PCs, laptops, tablets, smartphones and sensory devices?
- What variety of devices will you offer? Options range from a list of approved devices, operating systems and applications, through to a universal enrolment program.
- Do you need to restrict access to certain types of content? Should this be restricted by device type or by role?
- How many devices can each person enroll?
- Who is eligible for BYOD?
- Have you positioned the BYOD program as a work perk for employees?
- Are employees confident that their devices are 'spyproof'- that IT cannot see their personal data?
- Will employees enroll in the formal BYOD program, or will they look for ways to bypass security measures with unsupported devices?
- How you will you manage social media usage?
- How will the BYOD policies be enforced?
BYOD in practice.
- Will your IT network cope with the increase in Wi-Fi traffic?
- How will the BYOD program keep up with the pace of new devices entering the market?
- Does the BYOD program integrate with any broader organizational mobility strategies?
- What level of support will be offered for personally owned devices?
- How will you train existing and new employees to adopt BYOD?
- How will support be provided, and by whom – IT helpdesk, online self-service portal, Mobile Device Management provider?
- Which data need to be wiped when an employee leaves or a device is lost?
- Who covers replacement costs in the event of device loss?
- Who will be responsible for managing the BYOD program, including cost containment?
- Will you outsource the program to a Mobile Device Management provider?
Assess outcomes and refine program.
- How will you measure the success of BYOD eg. enrolment data, change in work outputs, customer surveys, employee surveys, number and type of security breaches, policy breaches.?
- What data can be collected from enrolled devices?
- How can information analytics be used to refine the BYOD program.?
A robust BYOD program covering objectives, risk, policy, implementation, and performance improvement is the best way for businesses to be prepared for the hyper-connected future and the seemingly unstoppable trend of BYOD in the workplace.
- ITNewcom , 'IT Market Report (Australia),' 2013
- Airwatch/vmware, 'The New BYOD: Best Practices for a Productive BYOD Program,' 2014
- Australian Government Department of Defence, 'Information Security Advice, Bring Your Own Device (BYOD) for executives,' updated Feb 2014.
- C Greig, 'How to Create a BYOD Policy,' Macquarie Telecom Pty Ltd, 2014