BYOD – The Six-day Monday to Friday Week?
In analysis / By Howard Smith / 06 August 2018
The US research and consultancy firm, Global Market Insights estimates that the bring your own device (BYOD) market will be worth $367 billion by 2022. That’s up from $94 billion in 2014.
So what’s the big attraction in bringing your own device to work?
As the employee, using the same laptop, tablet and/or mobile phone you use in your own time makes work feel more ‘like being at home.’ It’s easier, faster and more intuitive. In fact, many people are logged on and ready to get started even before they arrive at work. So, you’ll be more productive too – one study showed BYODers save 81 minutes a week by using their own as opposed to the company machine. That equates to just over a full working day a week for every six employees.
As the employer, you’ll save on hardware, desktop support and device training - and benefit from that increased worker productivity.
But it’s not all plain sailing. If you’re to get the full benefits of BYOD while staying compliant, efficient and in control of your organisation’s data and processes, there are factors to consider.
The big one, of course, is security and your organisation’s compliance with GDPR. Ask yourself these three crucial questions:
- How secure is the employee’s device? Few smartphones and tablets are equipped with the sort of security and data protection software a commercial organisation would need. Biometrics such as finger print and facial recognition, which are necessary when using apps such as Google Pay and Apple Pay are great. However, among people who don’t use these apps, activation of factory fitted security features is low. Such unprotected devices are then open for malware to enter via a public Wi-Fi. Once inside, it’s a short hop to your corporate network.
- What happens if the device is lost or stolen? In either of these scenarios, there’s no telling where valuable, sensitive and/or confidential information can end up. Consider the commercial, legal, reputational - and therefore financial - chaos that could follow.
- Can you extract or wipe data stored on an employee’s device? BYOD means having information necessary for an employee to do their job being held in places beyond your reach. Your organisation doesn’t own the device, so what access will it have in an emergency?
Put security and compliance at the core of your BYOD policy and consider incorporating a daily protected backup and data loss prevention monitoring. Also, ensure the system is able to pull information from multiple devices and apps into a single place. Sensitive data could, for example be residing in WhatsApp, emails text messages and business-specific apps.
You may need a slight culture shift in your organisation, too. Traditionally, IT security risks were dealt with by the IT and/or compliance functions. With BYOD, this responsibility is increasingly shared by the employee. After all, nobody wants to be restricted in how they use their own device – particularly when it comes to social media and online networking.
Archiving and backing up can get complicated with BYOD. At best, poor backups could mean employees using obsolete information or superseded document versions. At worst you could fall foul of GDPR or be unable to produce documents under eDiscovery in the event of a lawsuit.
In-house expertise across operating systems
BYOD means your organisation no longer decides that everyone will use the technological platform favoured by the IT department. It means your networks and applications must be compatible with whatever version of whatever operating system your employees’ devices run on, from Windows to Mac to Android. Accordingly, expertise across your IT department will need to be wider than in the pre-BYOD days, yet just as deep.
Creating a robust BYOD policy
It’s clear then that simply opening your networks and apps to all and sundry and letting BYOD run itself is not an option. You’ll need a BYOD policy and processes to implement it. As well as the security elements we discussed above, a good BYOD policy should take account of:
- Usability – keep control systems as simple and unobtrusive as possible, yet effective when they need to be. Ensure employees can deal with a business issue without it affecting their own personal data or apps. A self-service portal where users can locate, deactivate or lock lost or stolen devices remotely could minimise administration and costs.
- Flexibility – mobile technology is changing all the time and your BYOD scheme needs to be able to cope. Perhaps a cloud-based system is the best way to future proof your BYOD policy?
- Acceptability - for your employees to accept their responsibilities in your BYOD policy, they need to fully understand them. Create a thorough communications plan that explains the practical, commercial, financial and legal issues around security, data storage and archiving. If you have to insist that certain tasks can only be carried out on certain types of device or that a particular internet connection must be used, explain why.
- Visibility – your IT people will need visibility over every device used in your BYOD scheme. As a minimum, this should include the name and operating system of every device, the type of content it is processing or sharing and the websites that are being visited. Memory usage, roaming status and battery charge levels are also useful.
- Functionality – administrators must also be able to assess every device’s security settings, set thresholds and alerts, determine individual access levels and block apps considered inappropriate or risky. Finally, as we saw above, it’s essential for the organisation to be able to extract or wipe data from lost or stolen devices.
If you cover these bases, BYOD can be great for your business. The costs involved in minimising the risks are far outweighed by improved staff morale and productivity.
You could, in fact, get six working days for the price of five.