Bring your own device (BYOD) is an IT consumerization trend in which individuals use their personal computing devices (smartphones, laptops, tablets, etc.) for work-related or school-related tasks. BYOD has significant implications for network security and IT support, as well as employee satisfaction and productivity.
In this definition...
How BYOD Works
A business’s level of security procedures will depend on the type of organization. For example, finance or healthcare organizations require higher levels of security than a small startup web design firm.
Once security policies are established, organizations should define acceptable usage guidelines to determine how BYOD devices may be used during the course of business activities. This will help prevent malware or viruses from gaining access through unsecured websites and applications. These policies should cover:
- Acceptable applications for employees to access from personal devices, with a clear delineation of the types of acceptable and unacceptable applications
- Which websites are off-limits while connected to enterprise resources, corporate network, or VPN
- Which enterprise applications and data can be accessed from user devices (i.e. email, calendar, messaging, contacts, etc.)
- Storing and transmission of illicit material or utilizing personal devices for other outside business activities
Policies should be enforced through the use of BYOD mobile device management (MDM) software, which enables monitoring, managing, and configuring BYOD and employer-owned devices from a single central dashboard. Typical MDM functionality for BYOD includes:
- Automatic scans of BYOD devices for threats, including blocking dangerous applications from the corporate network
- Pushing anti-malware updates to devices and ensuring its installation
- Remote installation of updates and patches to OSs and applications
- Security policy enforcement
- Automatic backup of enterprise applications and data periodically or on demand
- Wiping lost, stolen, or compromised devices remotely
Once BYOD policies are established, they must be communicated to employees, and sufficient training must be provided to make adoption simple and widespread.
A training manual for new hires that outlines the policies and why they were chosen can help alleviate fears of the organization “spying” on employees and help increase their comfort level with policies and MDM software alike. This manual should conclude with every BYOD employee agreeing that they have read and understood these policies to protect the organization from any liability caused by illegal or inappropriate use of their devices.
Finally, BYOD plans should include an exit plan for employees who leave, regardless of their reason for departure. HR and network directory exit plans should have a BYOD exit checklist that includes disabling of company email accounts, remotely wiping employer information from devices and entirely wiping company issued devices, and changing any shared password to company accounts.
Additionally, BYOD policies could include defining a stipend from the company to help pay for BYOD data plans or home broadband connectivity and could include whether employees who check email or answer business calls after hours are entitled to overtime compensation.
How to Develop a BYOD Policy
BYOD policies have a lot of impact in whether or not a company is successful in employing safe and efficient BYOD practices. While developing these can be an intimidating process, there are several steps one can take that will help them build effective policies including:
- Use informative language in order to educate employees on what is appropriate and what is not
- List the types of approved devices
- Assign responsibility on data ownership in order to ensure the right people define usage directives and resolve data issues
- Determine the different levels of IT support that are granted to personal devices
- Describe how the BYOD policy integrates with the overall IT security of the company, including company-owned devices
BYOD (MDM) Software
Small businesses can use MDM or BYOD software to increase their employees’ productivity while using personal devices without compromising their security. Some popular BYOD software includes:
- Good Technology
- Open Peak
Many employees enjoy the flexibility of using their own devices either as a supplement to provided equipment or as a total substitution. They’re naturally more familiar with these devices, which leads to increased productivity and efficiency. In some cases, the flexibility of BYOD can also improve morale and workplace satisfaction.
BYOD can also have a positive impact on employers’ IT spending, as they are not paying for the device up front or maintenance and upgrade costs. The flexibility of an employee using their own device also means they can easily work from any location, thereby positioning an employer to meet rising remote workforce trends. Further, BYOD policies can alleviate the burden of providing specialized equipment a student or employee might already own.
While there are many benefits of BYOD policies, there are some notable drawbacks. First and foremost, personal devices make it difficult to streamline antivirus software, firewalls, and other types of software used to secure a network. This means data stored on those devices is often at risk of being accessed by an unauthorized user. BYOD also makes it difficult to guarantee an employee no longer has access to sensitive files and programs after they leave the company.
For this reason, an employer might implement detailed security requirements for each type of personal device connected to the corporate network and used for work-related tasks. For example, IT may require devices to be configured with passwords, prohibit specific types of applications from being installed on the device, or require all data on the device to be encrypted.
Other BYOD security policy initiatives may include limiting activities that employees are allowed to perform on these devices at work (e.g. email and phone calls are permitted, but social media is restricted) and periodic IT audits to ensure the device is in compliance with the company’s BYOD security policy.
Employees and students might also experience frustration when their equipment malfunctions and their organization’s IT staff aren’t able to easily troubleshoot or replace the device altogether.
The question of accessibility and personal preference can also arise with BYOD policies. Some employees or students might not be able to afford to purchase or upgrade the equipment required to do their work, or they may simply prefer to keep their personal devices separate from those used for work-related purposes.
BYOD VoIP Subscription
Another common use of BYOD is to describe a specific type of Voice over Internet Protocol (VoIP) subscription model. Subscribers who have their own SIP-capable device when signing up for a VoIP service will usually be able to take advantage of a cheaper subscription plan when they use BYOD.
However, not all VoIP service providers will offer special rate plans for subscribers with their own equipment. If a BYOD subscription is unavailable through a VoIP provider, customers must use the provider’s equipment instead of their own.
UPDATED: This article was updated February 7, 2022 by Amy Yang.