BYOD policy benefits the employer and employee

March 3, 2015

The emergence of the BYOD workplace has saved employers plenty of money and untethered employees from a desk with a landline phone. It has created plenty of flexibility for businesses in an era that increasingly depends on malleability.

Yet even with all of the potential benefits of BYOD, it is imperative that any business implementing this strategy devises a clear policy. Chief executives and IT managers should establish guidelines that outline the rights of the employer and employee, as well as specifics related to best practices.

A lack of BYOD policy awareness
Intercede, a software security firm, recently conducted a survey of employees from companies with BYOD strategies and found that 23 percent of respondents knew nothing about a policy, according to Computer Weekly. Meanwhile, 25 percent of respondents said that they access corporate information on their personal devices and 7 percent tap into company data without permission.

“A lot of employees can get access or believe they can get access to corporate data, and in many cases are oblivious to whether there is any corporate policy in place to control that usage,” Richard Parris, the CEO at Intercede, told the news outlet.

Parris is concerned by this fact because it implies that employees don’t fully comprehend the value and significance of company data while accessing this information. This concern expounds a growing belief in the tech community: a BYOD policy isn’t enough. Employers must ensure that their employees are well aware of the policy’s details.

How to construct the guidelines
InformationWeek reported that despite the reservations of some IT departments, BYOD is already firmly entrenched in the fabric of global commerce. Michele Chubirka, a network security engineer, said that company executives should meet with stakeholders and go over policies and procedures. She also advises BYOD policy makers to consider the class of data and the handling of data. One of the most commonly forgotten aspects of a BYOD policy is data classification.

“Written into the policy is who is allowed to touch what, when are certain controls supposed to be at rest, when is it supposed to be encrypted in transit,” Chubirka told the news outlet. “Figure out your data type, like driver’s license and Social Security numbers, ID numbers in conjunction with an email address. Figure out what you have and how you’re going to protect it. And that tells you how you’re going to do BYOD with your policies.”