As companies offer flexibility to employees in the workplace, more businesses are opting for BYOD policies where employees can use whatever technology they have to do their work. For the employee, this is an easy way to work on more expensive and modern technology that the company might not pay for while the employer saves money and resources. However, the fiscal benefit to the company is sometimes overshadowed by security concerns. To overcome that, consider including these three sections in your BYOD policy to improve security.
Password Rules and Reset Guidelines
Many companies require employees to have complex passwords on their corporate devices that change every 90 days. While this protects computers in the office, company data is still at risk when employees work on their personal devices. Oftentimes people leave theirpersonal computers unprotected or use simple passwords that are easy to guess and never changed. Be sure to address password protection guidelines in your BYOD policy to ensure company data is protected regardless of the device.
Device Service and IT Support
If your employee catches a virus on their computer, who is responsible for recovering the data or wiping the computer clean? This might seem like a simple question, but is an important security feature for your company to discuss.
Your employees need to know what they’re expected to pay if their computer needs to be fixed and what can be brought to the IT department. While companies aren’t required to cover any service, they may opt to treat certain problems when it involves stopping the spread of viruses or recovering sensitive data that would otherwise be lost or exposed to third parties.
Depending on the company, this is also an appropriate section to discuss replacement devices (if the company supplements the cost) and temporary devices while the broken one is getting fixed. Discuss what the company will provide — if anything — and what the employee needs to provide for themselves.
Company-Supported Storage Guidelines
One of the primary reasons companies are embracing BYOD policies is because of cloud storage and software services. Employees can login from anywhere regardless of their location and device. However, your BYOD policy needs to be clear about what can be stored in the company-provided cloud.
If your company covers the cost of DropBox or has a corporate-wide drive, include verbiage discussing what personal content (if any) is allowed to be uploaded, stored, and shared in that space. While your HR manager sharing photos of her Disney trip might not seem like a big deal, a few photos and add up if everyone in the company uses the space for personal storage. This can slow the system and cost the company. Be sure to emphasize that cloud storage is work storage only.
For the most part, your company shouldn’t encounter many problems — security-related or otherwise — with your BYOD program, but it’s important to maintain a written policy that management can turn to when issues do arise. This ensures that all problems will be solved fairly and in a timely manner.
Image via Flickr by eltpics