Cybersecurity, A-Z: B is for BYOD

(Part of a continuing series.)

BYOD, or “Bring Your Own Device,” is an umbrella term for policies that employers have concerning your smart phone, tablet, or laptop.  Essentially, the questions that BYOD policies seek to answer are these:  (1) Who owns your device?  (2) Who owns the information on your device?  (3)  What happens if that information (or the device itself) gets lost or stolen?  and (4) What happens to the device and information after you leave the employer?

Policies vary from organization to organization, but the trend has been and continues to be away from employer-provided devices and toward BYOD — that is, toward allowing and encouraging employees to purchase and own their devices.  Employers might choose to subsidize the device purchase, especially when use of a device is critical to performance of employee job functions.

While employee-purchased devices, subsidized or not, can clarify the question of device ownership, it does not clarify the question of information ownership.  Can you use your device to play Pokemon Go?  Can you post political messages on Facebook?  More importantly, what happens if your device, with work sensitive email and access to company information, is lost or stolen?

The key issue for employers is to create a robust, and clear, set of policies that employees understand before they purchase a device.  Best practices included in BYOD policies should include the following:

  • Create a clear division between private, personal information and company information.  Companies should not have access to personal employee information (photos, text, and personal email, for example), and any access to information to a device should be limited to company information (such as company email).
  • Set up a clear protocol for the loss or theft of a device.
  • Create robust password and encryption requirements.
  • Determine what devices will be supported, and make that clear to employees before they purchase devices.
  • Make requirements universal for all employees.

Good BYOD policies will protect sensitive and confidential company data while allowing employees the flexibility and convenience of enjoying and using their devices.

Leave a Reply

Your email address will not be published. Required fields are marked *