Mobile devices make it possible for communication any time, almost anywhere. Remote employees using their tablet or phone can access information, forward it to other people, videoconference, take notes and read them in the dark with their flashlight app, check their calendar, get directions, and be available 24/7 for a phone call.
All this mobility makes us more productive. Unfortunately, it also brings risk. The risk of lost, stolen, or corrupted corporate data — both on the phone and accessed through the phone. Gartner, Inc., an IT research and advisory company, predicts “… by 2018, 25 percent of corporate data will completely bypass perimeter security and flow directly from mobile devices to the cloud” — giving hackers possible access to enterprise databases and passwords stored on the device, or the ability to eavesdrop on communications.
Besides data security, there are other concerns with employees — particularly those using their personal mobile devices for work.
- Can your IT department support all those different employee-owned devices with all those different operating systems?
- Clients can now reach your employees 24/7, and so can you. This is all considered work time — do you have to pay overtime?
- What if an employee’s tablet is stolen? And that tablet had detailed customer financial information?
- What if an employee has an accident while using his or her personal cell phone to make a business call? Could you be sued?
Manage the risk. By creating a bring-your-own-device (BYOD) policy that’s flexible and clear, you can clarify the blurred lines. Laws are different depending on your industry — with health care and finance being more tightly regulated. Here are four areas to consider.
1. Acceptable uses, devices, and software
Which devices are allowed? Consider that older-model cell phones do not have data encryption. Should you require the employee to use password protection? This would also be a good place to outline required or prohibited software.
2. Explanation of Technical Support
Will you require the employee to work with your IT department for security updates and remote access? Do you have a customer enterprise app that needs to be installed? Is there other specific software you want the employee to use? Should your technical support have remote access to the device in case it’s lost or stolen or the employee leaves?
3. Employee Responsibility
Do you want employees to account for time they work remotely? Do lost or stolen devices need to be reported? Spell out who pays for the service, repair, and replacement. Outline any monthly phone stipend. What’s the exit policy?
4. Explanation of mobile device management software and practices
Employers need to protect confidential customer information. Being able to remotely access a device with company information if it’s lost or stolen or the employee leaves makes it possible to delete company data. Outline those details, making sure the employee knows which/if any information on the phone is private.
The process of creating a BYOD policy should help you define the risk. Strive for balance and a policy that is not so restrictive as to cause employees to find a way around it. Take the time to explain it well to employees and be sure to revisit it often as technology changes.