This article was updated on June 11, 2018.
Bring your own device (BYOD) has been a major business trend over the past several years, and it reflects the consumerization of information technology: Employees typically own their equipment (smartphones, laptops, tablets and USB drives) and will bring them wherever they go, including into work. This portability helps enhance business productivity by enabling employees to get work done anywhere, anytime, without the business needing to spend money on additional technology.
Risks to Data Security
While a bring-your-own-device policy offers clear benefits, it carries risk, too, primarily concerning data security. Allowing employees access to business data through their personal devices can open small businesses to an array of potential problems they can't afford, including computer viruses and data theft. An employee may have sensitive business information saved on a personal laptop, for example, which could get lost or stolen. Having a plan in place, such as the capability to wipe data from a stolen laptop, can help mitigate this risk, however.
It's up to each individual business owner to decide whether the pros of BYOD outweigh the cons. Some companies mandate that employees only work on employer-distributed devices. If you decide to permit BYOD, here are some tips for creating a policy that'll help minimize the risks of lost, stolen or corrupt data.
5 Steps for Crafting a Bring-Your-Own-Device Policy
1. Define what devices are allowed in your business's policy. You may want to support laptops, for example, but not smartphones or tablets.
2. Define which business activities employees can perform and which enterprise applications they can access on personal devices, and prohibit access to other activities and applications. For instance, employees may have full access to a business email app but not to a private one that could increase the risk of viruses.
3. Make sure personal devices are configured for passwords, access restrictions and encryption. This may be your best move for protecting sensitive company data.
4. Communicate clearly and consistently about your BYOD policy, and make sure your employees are fully trained. Conduct regular audits to ensure employee compliance.
5. Don't slack off on security. Employees will likely view policy restrictions as obstacles to convenient access on their personal devices. These restrictions are indeed obstacles, which is why you have them. Whatever makes it tougher for sensitive business information to be compromised is good for everyone.
Let employees know that use of their own devices is a privilege but that every employee is ultimately responsible for data security at all times. Creating an organizational mentality of security is about change management, so keep up the communication, training and constant reminders of what your BYOD policy requires. Your people are your best defense.