BYOD - what the HR department needs to know

Article Index
Overview


Bring Your Own Device (BYOD) is a growing trend that is fast becoming a workplace norm. Already 75% per cent of employees in high-growth areas such as Brazil and Russia bring their own devices to work. Nearly half of employees (44%) do the same in well-developed regions. The merits of this concept are easy to see from an employer’s point of view. Firstly, the company saves money, as they are no longer obliged to provide devices. Secondly, it has been seen to increase productivity and morale of employees, as they are more comfortable using their own preferred devices. Studies have shown that 44% of job seekers view an organisation more positively if it supports their device. 

We live in a world that is now highly mobile and constantly connected. Ignoring or rejecting BYOD can be more detrimental to a company than dealing with the potential issues that may arise when an employee connects a personal device to a corporate network. Jos Creese, Hampshire County Council CIO, recently summed this up perfectly when he said: ‘You don’t resist inevitable IT trends, whether they are cloud, BYOD or social networking - you find a way of harnessing them and using them to allow the organisation to do what it needs to do’.

Before adopting BYOD, employers need to review their network infrastructure to explore if it is able to cope with an influx of new devices. The employer needs to know not only the number of devices, but also what they are (Apple, Android, Windows, etc.) and what they will be used for.

So, how can an HR department deal with the problems that may arise from allowing employees to use their own devices for work purposes? The answer is a clear policy. This must be a policy that employees can understand, and which sets out clear consequences for rule breakers. It is in companies that have no policy on BYOD where problems arise, and where employees are left confused. How specific this policy needs to be, depends on the nature of the business in question. There are a few main issues that any BYOD policy needs to address:

1. Personal data

If a personal device is used for work purposes, it can be seized and used as evidence against an employer. Employees need to be made aware that they forfeit some of their rights to their personal data stored on such devices. Also, if connected to a workplace network, personal files such as photographs and correspondence may be mistakenly damaged or deleted by the employer. There was a recent case of an employee, who was writing a novel on his BYOD laptop. Only one copy existed, which the employer mistakenly deleted. However, educating employees and reminding them to back up their data regularly can easily prevent these kinds of incidents. 

2. Security

When introducing a BYOD policy, the IT department gives up a lot of control over the devices, and so data security becomes a major concern. Potential confidentiality issues arise when mobile devices used for work are lost or stolen, as private information may fall into the wrong hands. The workplace also must comply with data protection law, meaning that the company must take measures against unauthorised use of personal data, as well as accidental loss or damage to data. Thanks to Mobile Device Management (MDM) and Mobile Application Management (MAM) solutions, employers can be sure that all the data protection requirements are met. An important part of this is the facility remotely to wipe lost or stolen devices. The employee must also be made aware that a lost or stolen device must be reported immediately so this can take place. The remote wiping procedure is also essential when employees leave the company, as they will have no obligation to return their device. This is especially important in the case of employees whose contract has been terminated, as they may not be harbouring good will towards their former employer. Employees must also be made aware of the importance of a strong password in order to keep their data safe, additionally, data can be encrypted.

3. Billing and ownership

When one device is used for both work and personal life, who pays the bill? The employee or the employer? Many companies overcome this difficulty by providing their employees with an allowance, which covers acceptable work usage, which means that neither party ends up out-of-pocket. In the case of mobile phones, an agreement needs to be made over the ownership of the phone number. If an employee retains the phone number used to contact clients, after they have left the company, clients could potentially end up calling a competitor. 

Summary

As you can see, there are some problems that can occur when adopting a BYOD policy in the workplace. However, all of these issues can be kept at bay when the HR department produces a clear policy with a well-managed network. A policy has to be produced which simply defines the segregation of personal and work data, states minimum device requirements and outlines the monetary contribution of the employer. One clear leader should be appointed, who will oversee the BYOD strategy. Then a BYOD scheme can be rolled out, first to a pilot group, and then to the whole company. Finally, policy compliance must be reviewed regularly, as there is little point in setting policies if they’re being violated and content isn’t secure. 
 



 

Comments 

 
# Bright Future 2013-10-24 14:13
Some really good points on security here. Really strong company policies over reporting issues and password strength is vital. If companies are going down the BOYD route a clear company policy needs to be created and stuck to.
Reply
 

Add comment


Security code
Refresh





Forgotten your password?

 
I'd like to subscribe
Subscribers only - te law will answer your employment law queries. Find out more about our email support

Now there's more ways to stay in touch

Join Us on Linked in Become our Fan on Facebook Follow us on Twitter