BYOD policies give employees more flexibility to use their preferred smartphones at work. It’s a growing trend that IT needs to enable. Yet, a lot of IT managers remain nervous about creating strategies that give up control over mobile devices.
To guide you through the process, use our 8-step plan. This will help you to address liability concerns, security, and the employee experience.
8 Steps for Successfully Implementing a Bring Your Own Device Strategy:
1. Decide whether BYOD is right for your organization
Take some time to consider the pros and cons of a bring your own device policy first. If you have above-average risk concerns (e.g., national defense industry), BYOD may not be the right move for you. With a well-designed policy, BYOD saves the company money and gives employees greater flexibility.
2. Create your policy on paper before you put it into systems
Buying a BYOD management system before you have a policy is a massive waste of money. You might buy the wrong system, which is why we recommend creating a policy first. The policy should spell out the following: goals for Bring Your Own Device (e.g., employee experience, productivity), acceptable use, monitoring practices, and governance.
Writing IT policy documents can be a daunting task. To help you through the process, read other existing IT policies in your organization to get a sense of their structure and design. If you’re still stuck, check out this BYOD policy template for further tips.
Tip: Work to keep the policy to 1-2 pages. If it’s longer than that, users are unlikely to read the document in detail.
3. Decide the scope of acceptable devices
Create a list of the devices you’ll accept employees to use for work. For example, you may list Android smartphones or specific iPhone models. Device Magic’s Mobile Forms app is cross-platform, though you’ll need to determine what other applications will be used if you’re considering a mixed environment.
To create your list, keep a few factors in mind. First, what devices do employees already own? Second, what devices can you effectively monitor with your BYOD management systems?
Tip: To guide you in creating your list, check out YouGov’s research on America’s most popular phone models.
4. Separate company and personal data
Fumble this step and you expose your company to significant risk of a data breach. To prevent this problem, you need a multifaceted BYOD strategy.
- Technology: Provide specialized apps, ideally with two-factor authentication, that contain all company data. Look for apps that can be deleted remotely in the event the device is lost.
- Training: Offer training to employees annually as part of your company’s cybersecurity program. Make it clear that there are risks of information loss and employees have a role in managing that exposure.
- Insurance/Liability considerations: Take note of the insurance and liability concerns that apply to your organization. Your insurer may require certain procedures and records to maintain a valid cybersecurity insurance policy. For instance, you may need to show that company data remains encrypted on BYOD devices.
5. Plan to protect personal data of employees
BYOD means your employees are using their personal devices at work. That means you have to be extra vigilant about protecting their privacy by evaluating your apps and BYOD policies for privacy protection. Specifically, your device management software and processes should never copy, store, or interact with an employee’s personal data and apps. Don’t limit your review to apps, either. Most smartphones automatically collect location data, but there’s no reason to collect such data from your users.
6. Set up a data usage monitoring process
This implementation step is most important for data-intensive Bring Your Own Device situations. For example, if you have frequent travelers such as managers and sales staff with BYOD, they may exceed their personal data plan. To address this situation, two approaches are worthy of consideration. First, encourage employees to use Wi-Fi connections as much as possible. Second, design a reimbursement process so employees can make claims for higher-than-usual data charges.
7. Simplify the sign-up process
If you want employees to sign up for BYOD in large numbers, make it easy. That means no paper forms, and minimizing the number of approvals and technology. Ideally, your sign-up or enrollment process will involve the following critical elements:
- BYOD request: Ask employees to submit their requests through an IT ticket system, so all requests can be tracked.
- Set-up: Make the set-up as simple as possible, such as downloading a few specialized apps.
- Quick wins: Give employees a quick win with BYOD on their first day of usage, such as being able to check corporate email on their phones.
8. Implement continuous compliance monitoring
From a management standpoint, Bring Your Own Device policies are not self-managing. You’ll need a process to review BYOD monthly from a data usage, policy compliance, and security perspective. When you notice problems, reach out to users to remind them of their obligations so they can improve.