Bring Your Own Device (BYOD) is a growing trend that is helping many businesses to expand their worktime coverage and reduce costs. The concept is simple: rather than employees only using business owned computers and mobile phones, they configure their own devices to enable them to access business documents and resources.
The advantage of implementing a BYOD policy is that a business can save money on hardware expenses. Many businesses now expect their employees to be available in an emergency over the internet or via their mobile, but having staff on-call in this way this can result in a huge cost to a business if they need to supply a handset or laptop to every employee. The solution is to allow employees to use their own devices in work. This can, of course, pose several risks, as we explain here.
Risks of BYOD
There are two key areas of risk associated with using BYOD. The first risk area is IT Security. Allowing external access or allowing employee devices to connect directly to business computers will increase the risk of computer viruses and malware spreading.
Secondly, an employee needs to be trusted to maintain a professional relationship with the business. Office based workers are constantly reminded of their duties by the presence of managers and co-workers – however, when they’re at home, an employee may abuse their privileges.
Maintaining a secure network is possible by implementing a good cloud based security system that provides a firewall between the business network and all connected devices. The biggest risk is unreliable or deliberately fraudulent employees accessing business data from private devices. The news of leaked company data hits the headlines every month and this is largely due to employees abusing their privileges. It is recommended that only private cloud storage is used, unless the public cloud storage can demonstrate a very high level of security.
Allowing employees to access business data over personal devices does create some legal problems which need to be carefully managed. Data protection is a growing concern. The Information Commission Office (ICO) has published new guidelines for businesses that sets out rules and strategies to breaches of new data protection laws while encouraging staff to use personal devices.
The ICO has asked companies to:
- Audit all devices that are connected to a network
- Audit the information that employees are able to access remotely
- Block devices that do not provide high level encryption
- Using passwords or PIN codes on all devices that access corporate networks
Software licensing also needs to be addressed because many software licenses restrict how many users may operate installed software. Allowing remote access from multiple devices may be considered a breach.
The sharing of private information is another legal minefield; if employees are encouraged to use their personal smartphones this raises the issue of what information from their devices can employers access over the network. Will private documents and media be protected?
Work pay and overtime also needs to be carefully supervised. There are limits in place to the number of hours a person can legally be asked to work. Also, where a minimum wage is present, it is important to ensure that employees are not being expected to work additional hours from home if this means that their hourly rate falls below minimum wage.
Employers need to ensure that BYOD forms part of the employee contract and clearly state how the cost will be shared between employee and employer. BYOD can only work if employees own a suitable device and an employee should not be forced to join the scheme if it means incurring a cost. Devices are often lost or stolen and this provides both a security risk and a personal cost. The employee contract needs to be amended to clarify who insures against theft and accidental damage.
Termination of contracts
A company needs to be sure that any devices that have remote access to a business are immediately deactivated or blocked when an employee is dismissed. A process needs to be put in place to ensure that this happens and this may involve the personal device being reconfigured prior to the termination of a contract.
Cisco BYOD Smart Solution
To help address the many issues associated with BYOD, Cisco has developed a new service called the BYOD Smart Solution. This service provides businesses with tools to control the access to a BYOD network. The solution provides access points, controllers, security, network management and mobile collaboration apps. This ensures that the business is always in full control of who can access the network.
Encouraging employees to access business networks from their personal devices may be wrought with risks and complications, but it can help to improve productivity and develop a more loyal and engaged workforce. If you plan well and manage risk, BOYD can pave the way to a more productive business in the future.
About our guest author: Gary Gould is the Co-Founder of Compare Cloudware, one of the leading cloudware comparisons websites. Gary wants to help small business owners and start-ups to enter the world of cloud computing that will help them grow, including cloud-based financial tools, project management and CRM.