By Bahar Ferguson
What is BYOD?
A “bring your own device” (BYOD) policy allows company employees to perform work-related activities on their personally owned equipment and devices.
These activities include various tasks, like accessing company data and apps, connecting to the company network, accessing work emails, etc. The most common example of a BYOD policy in practice is the allowed use of smartphones for work activities, though employees sometimes also use their own USB drives, laptops and tablets.
Of course, blanket permission for the use of personal devices would undermine any company’s security practices — which is why a detailed BYOD policy is necessary.
How Do BYOD Policies Work?
Basically, a good BYOD policy will provide an outline of what the company considers an acceptable use of personal devices. In other words, operating them in a way that provides ample protection from ransomware, data breaches, hacking and other cyberthreats against the company. With this in mind, a well-defined BYOD policy is crucial.
Generally, the policy needs to be generally available in the form of a document that employees have previously agreed to. If employees follow the guidelines provided by this document, they will be able to use their personal hardware to access the company’s digital assets.
A good BYOD policy has to include some or all of the following:
• A definition of what constitutes agreeable use of personal devices for company activities.
• Approved categories of personal devices.
• Software that employees have to install to secure those personal devices.
• Specific security measures like password requirements.
• User responsibilities regarding network access and their devices.
• Company policies on personal data plans used for work-related activities.
• Exit plans for instances when employees wish to stop using their personal devices for company activities.
Best practices for BYOD
Having a detailed and practical BYOD policy is just half of the job. Companies must keep best practices in mind to successfully implement such policies:
• There must be a written BYOD policy easily accessible to employees.
• All the important details must be clearly outlined in the policy.
• As the cyberthreat landscape changes, the policy must be updated accordingly.
• The acceptable and unacceptable uses of personal devices should be described in detail.
• Advice on the use of tools required for the protection of corporate data.
• A monitoring and management strategy must be developed to ensure the employees’ adherence to the BYOD policy.
• Design processes for addressing stolen or lost devices.
• Create processes for security incident response.
• Make BYOD training a part of the employee onboarding process.
• Clearly outline the expected consequences for employees not following this policy.
Working with your HR department, IT partner and legal team, you can craft a functional BYOD policy that allows you to better protect your company network.
Bahar Ferguson is the president of Wasatch I.T., a Utah provider of business tech support, cybersecurity, compliance and strategy.