Bring Your Own Device – Risks and Rewards

What if smartphones had thoughts like we do?

Here are some excerpts of what might be going through the brain of a smartphone (if smartphones had brains). This one was purchased for personal use, but now also gets used for work, a situation commonly known as Bring Your Own Device (BYOD).

6:00 a.m — Rise and shine! Need a few minutes more? No sweat, I’ll ring you again in 15.

6:15 a.m. — Hey, no need to be so grumpy. Just doing my job here. Go yell at Alexa in the living room.

7:00 a.m. — Looks like a few emails came in from work last night.

8:00 a.m. — Texting, texting, texting. Must be at a red light. He wouldn’t do this if we were moving.

9:15 a.m. — Email from a client. Wonder if that attachment marked “Confidential” is important.

10:00 a.m. — Another Slack app notification. He says they come through faster this way. Wow, look at all of ‘em!

10:30 a.m. — Texting the wife. Must be break time. Of course he’ll pick you up at the airport, silly.

10:35 a.m. — Just enough time left in the break for a quick peak at Instagram.

12:30 p.m. — Here come the headphones (Bluetooth, of course). Listening to his favorite podcast, no doubt.

1:30 p.m. — Team meeting. Now I get to show off my audio/video chops when he brings in that guy who works from home on Facetime. Take that, Android.

2:15 p.m. — Group text! Seems like most people on the team don’t like the new manager. Oh boy.

3:00 p.m. — 45 interoffice emails already today. No problem, I can handle it.

4:00 p.m. — Leaving early to pick up his wife at the airport. Count on Waze to find us the best route.

5:15 p.m. — Logging in to public wi-fi at the airport. Use the VPN! Use the VPN! Use the VPN! Hopeless.

5:20 p.m. — I hope he logged into the correct public hotspot. This network feels awfully hinky. I hope it’s secure.

5:25 p.m. — Oh no … he’s forwarding that client email with the Confidential attachment and something has gone wrong. Looks like some cyberthug grabbed it. This is not going to have a happy ending. SMH

 

The End?

If your company encourages BYOD, you might be thinking right now that they should change that policy. Before you make an unfortunate decision like that, remember three things:

  1. Data thefts like the one at the end of our story can be prevented
  2. Once you understand the risks and rewards of BYOD, your business can develop an effective policy for the use of personal devices in the workplace and on behalf of your business
  3. Even if you ban employees from using their personal smartphones for work, your employees are going to do it anyway

If that last point sounds surprising, consider these results from the 2019 Intelligent Information Management Benchmark Report, as reported by M-Files:

  • 52 percent of companies discourage or prohibit the use of personal devices
  • More than 60 percent of employees use personal file-sharing devices and/or personal devices to access company information

According to a Cisco survey, more than half of 3,200 respondents aged 21-31 said that if their employers banned the use of personal devices for work, they would use them anyway.

Fortunately, there are lots of things to like about encouraging employees to bring their own device to work.

 

Rewards of BYOD

More than 75 percent of American workers own smartphones. That percentage rises above 90 percent when you include only workers under 50 years of age.

Surveys indicate that when you allow employees to use their personal devices at work, it makes them feel more comfortable; it’s a morale booster.

Other rewards of BYOD include:

  • Employees can work from anywhere at any time
  • Productivity is boosted because workers are so familiar with their devices
  • Equipment costs are reduced because the organization does not have to buy devices for its employees (they may be responsible for part of the employee’s monthly service fee)

That’s why bring your own device is good for their organization.

But as we learned in our story, BYOD also comes with risks.

 

Risks of BYOD

Here are some of the most common risks involving BYOD.

  • Data theft | Sending a file over a poorly-secured public network risks having the file stolen. It can happen in an airport, a coffee shop, or any place where you have a choice of networks to join.
  • Malware | You lend your phone to your child. They download the cool new game everyone is playing at school. It’s free to play, but it’s also dropping malware wherever it’s downloaded.
  • Network exposure | Once the aforementioned malware is on the employee’s phone, and the employee logs into the company’s network from their phone, the network is exposed to the malware.
  • Termination issues | When an employee leaves the company, what happens to the company’s data on their personal device?

Working through how to avoid these risks is the first step to developing a company BYOD policy that protects the business while giving the employees use of their devices.

 

What Your BYOD Policy Should Include

Every company has to set its own rules regarding BYOD. At the minimum, those rules should cover:

  • Devices | In addition to their smartphones, your employees might own tablets, smart watches, handheld gaming consoles, portable music players, digital cameras and more. Be clear about which of these may be use for work and at work.
  • Security | Cover the measures you want to require employees to take to protect their devices and your network as well as any measure the business will take to secure company content on their devices.
  • Boundaries | By using their device for work, will the employee be granting the company access into their phone? Will the company provide technical support for the employee-owned devices? If so, how much? If an employee’s device cannot connect to the network, will the business provide a substitute? Your policy should be explicit on these questions.
  • Apps | Which apps will be off limits to your employees while they are on company time?
  • Bandwidth | If all your employees are using the company wi-fi, do you need to limit or prohibit non-work-related use of music and video streaming?

That’s a lot to cover when you dig into it, but the final outcome should be a BYOD policy that you, your HR department and your data can live with.

For more information, here’s an interesting article about an approach to building a BYOD policy.

Team Big Fish

Team Big Fish

At Big Fish we help busy CTOs innovate and succeed through secure, done-for-you custom mobile app development. We are a full service app design, development and maintenance company in Tampa, serving companies across the United States. Please request a consultation if you’d like more information about working with our team.
Follow me on Twitter