Over the past few weeks we’ve talked to a few local law firms about the state of their IT, and these conversations got me thinking. Even with the amount of data these firms, and firms all over the country, have […]
We’re entering the era of BYOD. No, that’s not a typo. And no, it doesn’t mean “Bring Your Own Deep Dish Pizza.” What we’re referring to is the “Bring Your Own Device” policy that more employers—whether by influence of research or trend—are choosing to implement. Whatever the motivation, BYOD shouldn’t be incorporated into your IT infrastructure half-heartedly. (BYOD is not, “Sure, John, you can take your work laptop home and start putting your own stuff on it.”) Just as with any other major change in work policy, BYOD should come with a formal, consistent set of rules and practices. In this post, we’ll discuss BYOD’s place in a world where connectivity is ubiquitous, where work and leisure are inextricable.
Blurring the Lines
Things used to be simpler: you came into work, logged into your PC, and started working. At the end of the day, you logged out and went home. Today, the end of the work day and the beginning of personal time are hardly distinguished. With phones and other devices as smart as PCs, laptops as cheap as desktop PCs, and increased utilization of the cloud, connection isn’t limited by location—working from home or “homing” from work isn’t just a novelty. It’s becoming an expectation.
- While they may not verbalize it, there’s a very strong chance that your employees want the following:
- To check work email on their smartphone without having to carry a second phone around to manage two sets of contacts
- To take their work home without the hassle of shifting files back and forth on thumb drives
- To connect to the office server from home
- To bring their own music to work
- To not have to carry two laptops around
As an employer, how do you respond to these needs and trends while maintaining security, proper software licensing, tracking assets, and, in broader terms, simply keeping everything in order? You define a policy that in no uncertain terms articulates how devices can and cannot be used.
The seemingly lax nature of BYOD may make it appear like it’s only fit for an equally-lax startup cliche where employees roll into work “whenever” and dodgeball is played in the lunch room, but that’s really not the case. To be sustainable, practical, safe, and productive, employers need to define a policy for how and from which devices employees can connect to work and the security practices they should adhere to when doing so.
Common Interpretations of “Bring Your Own Device”
The practice of BYOD often involves employers allocating a stipend to employees for purchase of their own portable technology to use for work, at work, and outside of work as an alternative to using exclusively company-owned devices.
In the business world and across various industries, BYOD is growing in popularity. In markets of high-growth such as Brazil and Russia, about 75 percent of employees bring their own devices in the workplace.
Under many BYOD policies, devices aren’t limited to computers: they may also include smartphones, tablets, laptop computers, and virtually (pun intended) any technology that adheres to crucial security practices, can accommodate necessary applications and software, and enables employees to access company data and email. While not under the umbrella of formal BYOD policies, employers often opt to extend their device practices in general to non-portable technology such as home office computers and public kiosks. In these cases, establishing clear rules and safeguards are equally important.
Still, some employers may have more extreme takes on BYOD policy. Though it’s impractical and removes nearly all of the convenience of BYOD, employers may opt to lock everything down and provide zero outside access. In another extreme, employers may provide no work computers at all and require employees to truly supply their own devices, with or without a stipend or reimbursement. Most commonly, though, companies provide a work computer but also allow employees to check work email from their phone, work from home on their own computer, and so forth.
Of course, companies may still hold workplace device policies that are less progressive than BYOD. Though their enforcement efforts may be fruitless, some employers have policies that ban personal devices entirely. Beyond the impact strict “gatekeeping” policies like this one may have on workplace morale and employee empowerment, a study from the University of Texas also suggests that such a banning mobile devices may inhibit employees from receiving information in the event of a crisis—something that, while not relevant to productivity, is important to consider when creating a workplace environment that meets the needs of both employees and employers.
Advantages of BYOD
When thoughtfully implemented and tailored for your business, BYOD offers empowerment, trust, and increased productivity to your employees. Within reasonable limits set by the employer, an employee can choose a device fit for their personal preferences and consistent with where their familiarity lies. BYOD also enables employees to seamlessly transition from working outside the office to at the office—there’s need to export the latest revisions or manage work at different stages on various devices. And then there’s the simple, but compelling fact of morale: employees can listen to their own music while working and have personal and work software on the same device.
Financially, providing BYOD stipends are advantageous to employers because they can expense technology purchases immediately and have fewer assets to track and depreciate.
A BYOD policy not backed by informed research and clearly-defined terms-of-use can be a great risk to a business. Though many of the same security risks associated with BYOD also exist with company-owned devices, irresponsibly-managed personal devices can exacerbate those risks: more devices are being used in more locations, the onus for safety lies greatly on the employee, and there’s a greater chance for lost or stolen devices. To manage risks, companies can use tools like Google Apps that can control which devices are permitted to access email, restrict what can be done on devices, require employees to encrypt device stores, and wipe devices if they are lost or stolen.
Employees must also ensure that software license’s on their devices are compliant, and a BYOD policy should specify license compliance requirements.
Developing Your Company’s BYOD Policy
As we mentioned earlier, BYOD allows employees just that: the opportunity to choose the device or devices that are best for them. This should, of course, come with some restrictions that individual companies should identify. A strong, responsible BYOD policy must also have requirements for how the device should be used at work. The following are a few fundamental “rules” we’d recommended having in place. Employees should ensure that their devices:
- Be periodically assessed and configured by IT department
- Run corporate anti-virus software
- Have local storage encrypted
- Have lock screen turned on
- Run properly licensed software
- Maintain good, presentable working order, especially when employees are customer-facing
In addition, employees should report lost or stolen devices immediately so they can be disabled, remotely wiped, or other necessary steps for safety can be taken.
While employees hold a great deal of accountability under many BYOD policies, other responsibilities should still rest on the employer, including providing all licenses for business software (i.e., Microsoft Office and Quickbooks) and reimbursement or stipend amounts (if any) for devices purchases.
In IT Freedom’s own BYOD policy, we specify the conditions bulleted above. We also provide new hires with company-owned laptops, but don’t require them to be used. After an employee has been with us for one year, we offer a stipend every three years to cover the cost of a personal computer or laptop that the employee then owns.
If you’re interested in learning more about our policy, here’s a bring your own device template that we used at IT Freedom that you can use “as is” or adapt to your own business.
Any questions? Contact us.