Companies implementing a Bring Your Own Device policy are perceived as innovative and younger, but do the risks outweigh the benefits?
Many ICT departments, especially ones on low budgets, find it difficult to keep up with the latest hardware and technology innovations. On the other hand, most tech-savvy employees especially the younger generation buy the latest laptops, tablets and smart-phones. Some companies are introducing a BYOD, Bring Your Own Device policy at work to allow employees access over corporate servers using their own personal electronic equipment.
Companies implementing such a policy are being perceived to be more flexible and may increase employee morale as anyone can use whatever productivity software or operating system is prefered. Whether an employee would like to access corporate emails on his large screen phone or on a laptop wouldn’t make a difference, it’s a matter of personal preference.
Whilst BYOD may sound avant-garde and may improve a company’s public image, a business needs to consider all implications before allowing any of it’s employees access to it’s corporate data. An IT review should be considered before implementing such a policy. One has to ask what data is extremely sensitive and what are the implications if an employee’s device is lost or stolen. Would the company be able to enforce a particular type of virus protection on all devices and what would happen if such devices are to be shared with other family members, especially children, what would the consequences be?
Although costs associated with hardware procurement may be lower for a company implementing a BYOD policy nevertheless a business must consider that operating costs may eventually add up, especially if a company is to support all operating systems, iOS is inherently costly and Android systems are extremely complex to manage since there are many different versions.
Solutions exist that can help a company overcome such problems. Corporate applications may force users to partition all work related data and enforce alpha-numeric passwords which are changed periodically. Anti-Malware software should also be installed to avoid that employees unknowingly download a keylogger which may help third parties gain access to corporate servers. IT departments should not only secure the devices but if possible even the data itself, by identifying the most sensitive information and encrypting these documents which would mean that if such files fall in the wrong hands they may be unusable.
Once a business manages to overcome such obstacles, the gains are enormous, according to a study by US tech-related research firm Gartner Inc., implementing a BYOD at work leads to happier, more focused and more productive employees. Productivity increases as users of a particular device become more proficient in using it, as they spend more time interacting with that particular technology even outside working hours. Communication processes are also sped up with BYOD, as employees receive and respond, happily, to emails even after work. Interviewed employees also stated that they are taking a more avid interest in researching and downloading security patches for their own operating systems, looking for and even purchasing apps that may increase their overall work output.
Younger professionals said they might even consider changing jobs if another company offered the exact same pay package but implemented a BYOD environment. This same survey shows that most companies are unable to stop their employees from using their own personal devices, not even companies which operate in the security or intelligence sectors.
Expanding markets, such as India, Russia and Brazil are showing a high rate of inclusion of BYOD policies, whilst most companies in the USA are still considering or at least studying the introduction and unfortunately Europe is still lagging behind in this cultural shift. Amongst the most notable companies who started allowing their employees to bring their own devices to work, we find IBM and Intel who started this trend in around 2010, during the same time when smart-phones and data plans became everyday occurrences. Today it seems that smaller companies tend to prefer a BYOD work environment and larger corporations and government departments are finding it difficult to implement such a cultural shift.
A business has to also consider ramifications related to the legal and data protection aspects of implementing the BYOD policy. Companies might decide to upload certain software on authorized devices or do backups, but what happens if the company backs personal information as well in the process. What would happen if an employee leaves the company?, should the IT department be allowed to erase any data on the user’s device or should a company just take the employee’s word that it has been deleted.
Although laws exist to cover unauthorized access and copyright issues, a business must consider that many countries are not yet legally prepared to protect business interests of companies who allow users to access data on their personal devices, therefore companies must ensure that contracts drawn up before employing someone include clauses to protect both parties and to ensure a smooth handing over of data if required.
It seems that taking an extreme position at either end of the spectrum is wrong for business. Either allowing all corporate data to be accessed from any device or absolutely not allowing anyone to use any device other than the corporate issued laptop under any circumstance is bound to create problems. If a strict no personal devices policy is implemented, employees might still find a way to log on to their corporate email or copy documents on USB sticks to perhaps work on them later on at night, this may be even riskier as employees may not co-operate if a secure system is breached. As the demarcation between work and personal time is blurring out one has to consider that it is practically impossible for any company to stop employees from using their personal devices. In this day and age it pays to implement a Bring Your Own Device policy, it doesn’t have to be radical but it should at least encompass issues such as what constitutes safe use, any reimbursements related to own device-use, password protection, security and acceptable use or storage of proprietary information.
This article was published on the Sunday Times, 27th September 2015 TechSunday Supplement. Please do not reproduce without permission. Copyright may be shared between newspaper and author.
Original Article Scan link: http://files.ianvella.com/getting-personal-28Sep2015.jpg