BYOD can be a boon to productivity. It’s convenient and users like the ability to work with the devices with which they are most comfortable. Additionally, there might be cost savings for the company when users provide their own hardware. Large organizations often enforce formal policies to realize advantages while mitigating risks of BYOD. They also invest in technologies that make it easier for IT departments to safeguard corporate data even when it’s accessed from a device the company doesn’t own. Small business owners, however, could wonder whether it is worth the expense to implement.
It would be a mistake for any business owner to ignore the BYOD question. “Just Say No” probably won’t work because some users will easily figure out how to connect their smartphones and tablets to the company’s email system and perhaps even to its internal network. “Just Say Yes (And Hope for the Best)” might also be a costly mistake. Is there another choice?
A thoughtful, practical alternative
The alternative is implementation of a BYOD policy that balances user wants with the company’s need to support productivity, protect resources, and manage costs. A qualified IT service vendor can help with this. A budget-conscious business owner might start by doing research and adapting BYOD policy examples from other organizations to fit his or her business. A BYOD policy should complement and extend your information security policy and acceptable use policy.
Your security policy should provide reasonable safeguards against unauthorized access. Passwords shouldn’t be “1234.” Those responsible for IT should have procedures for granting access to company resources, including in emergency situations. Rules should clarify what can be shared in public-facing resources such as public or shared Dropbox folders or FTP servers.
Your acceptable use policy should be designed minimally to prevent abuse of IT resources that affect other users and prohibit users from damaging the company’s reputation or even exposing it to legal risk. Among other things, this would mean prohibiting the use of company resources to publish spam, hateful or other illegal speech or to adversely affect internal or external systems.
With your security and acceptable use policies in hand, consider what new implications arise from the use of employee-owned devices. You might need to revise and strengthen some of your existing guidelines. You should identify and answer the unique questions raised by BYOD:
- Will the company pay or share the cost?
- Will IT provide tech support on user-owned devices?
- Will there be a list of approved hardware, operating systems and applications?
- Will the company have the ability and right to remotely “wipe” a device that has been lost or stolen (or when the employee is terminated or leaves the organization)?
BYOD is here to stay. The “consumerization of IT” is a cultural phenomenon and business trend. A thoughtfully-developed policy will help manage risks and maximize BYOD benefits.
Want more expert advice? Check out COSE Expert Network, an online forum connecting business owners with creative solutions to the tough questions they face every day.
This article originally appeared in the August 31, 2015, edition of Small Business Matters.