How to Write a BYOD Policy

Do you have a BYOD policy?

The rise of mobile is clear to see, and yet many organisations have yet to address it in their working practices.

Tablet and smartphone use is on the rise in the workplace, and employers are beginning to realise the new challenges posed by BYOD (Bring Your Own Device). While BYOD can allow for added flexibility, facilitate remote working and aid employee communication out of office hours, security concerns can also have a serious negative impact on your business.

Defining a safe procedure for mobile device use, , the dos and donts for users, in a clear, well-written and implemented BYOD policy, can mitigate against these potential problems, especially in larger organisations.

Do you need a BYOD policy, and how to you go about writing one? In this article, we’ll show you how to write a BYOD policy. But first, let’s look at why you need one.

The Challenges of BYOD

There are always going to be problems when personal and business data is stored on the same device.

The proliferation of smartphones, tablets and laptops is throwing up a number of tech issues for employers, especially with their free and open osmosis between work and home networks. BYOD is one of the hottest security issues being debated today.

The larger the company, the bigger the problem – it means more blackberries, androids, iPhones, iPads and tablets accessing email, secure desktop, outlook and other server or network-based services.

“Once stored on a personal device, data is only as secure as the security measures in place on that device.”

Computer Weekly

Most personal devices aren’t encrypted, so anyone with access to the physical device can easily access any information stored on it. In the event of a device theft, then, the data is only secure as any passwords that protect it as the only line of defence.

Other’s data, controlled or processed by the business, will likely end up stored on employees’ personal devices, for example, which significantly increases the risk of it being lost or stolen. Equally, employees’ personal data can end up on the company server through back-up or document misfiling, posing real risks to your employees.

Employees and employers share the risk, then, so every organisation should draw up a BYOD policy to protect them both.

Writing a BYOD Policy

The best way to allow employees to get the best out of using mobile devices at work, while at the same time protecting and keeping separate personal and business data, is to write and implement a clear BYOD policy for your organisation.

When writing a BYOD policy, it’s important to strike that balance between agilility and security. You don’t want to lock data down so tight that remote workers can’t access it from the road, for example. Nor should you ignore the inherent security risks of BYOD.

Each BYOD policy will be different, tailored to each individual company, but there are some core guidelines that you should aim to follow when writing one. First you should outline which functions a mobile user can access, protecting key parts of your network from external threats.

Next, you should make clear, in a blacklist and a whitelist, which apps can and can’t be accessed  with mobile deviceson the business network. Though hardly foolproof, this is an extremely effective way to regulate mobile device usage and minimise security threats. Antivirus apps and other firewall and security software should feature clearly on the whitelist.

Your BYOD policy should outline how users can protect their devices and best practices when a mobile device is lost or stolen. Where possible, the wide range of Mobile Device Management (MDM) tools on the market can configure, secure, monitor and wipe mobile devices and help you enforce BYOD policy.

Finally, it’s important to agree on a BYOD policy once it’s written. Each employee should sign a clear agreement to say that they will comply with the new policy. It should be indisputable to protect employers in the event of human error.

Do you lack the knowledge and experience in-house to draft a comprehensive BYOD policy? Maybe you need to recruit a mobile security expert to help? The expert you need could be in our pool of top digital talent. Get in touch to find out.