Why HR Needs A Formal BYOD Policy
Bring your own device or BYOD has gained in popularity with all size companies and is a particularly important policy to embrace if you want to recruit and retain millennials.
But BYOD can’t be done haphazardly or on a case-by-case basis. Employers have to establish company-wide guidelines and rules to protect their data as well ensure employees are using their personal mobile devices for work and not pleasure.
“BYOD is all about balancing the needs of your employees with the realities of running an organization both cost effectively and securely,” says David Berman, President of RingCentral, the cloud-based phone system company. “Neither too rigid nor too flexible are going to work for any business long-term.”
With talent wars heating up between companies looking to bring on their next stars, employers have to go to great lengths to lure them and one way is allow them to use their mobile devices in the office. Millennials have grown up with a mobile device at their hip and would likely balk at working for a company that banned iPhones during working hours.
Consider this. According to Berman almost nine out of ten corporate employees work on their personal smartphones outside of business hours. And many of those employees use their mobile phones while they are sitting right next to their desk phone. “Allowing employees to bring their own devices to work can significantly increase productivity. People tend to be happier and more comfortable using devices familiar to them,” says Berman. “In addition, because these devices are taken home after work hours employees tend to spend more than the traditional eight hours on work-related projects and tasks.”
So what should be part of a company policy when it comes to BYOD?
According to Ennio Carboni, Executive Vice President, Customer Solutions at software company Ipswitch, before a company can even set up rules and put them on the books, they have to confirm they have enough wireless bandwidth to support all these mobile devices. “Most BYODs access the network through a wireless router,” says Carboni. ”Notebooks, iPads and smartphones can create bandwidth consumption overloads that threaten user access to legitimate company or organizational computing resources.” One way to get around that, says Carboni, is to create a “benchmark” for wireless access. Basically that means taking stock of who is bringing in what device and what information or programs will they be accessing with their mobile device. Doing that ahead of time will enable the company to build the right network infrastructure to support all the disparate devices, he says.
Once the company has the proper technology in place to support BYOD, they have to have a clear idea of who can access what data and how. Employees have to know the rules of engagement in regard to what they can do with their mobile device during working hours and what happens if the device is lost or stolen. If the plan is to remotely wipe all the data from a lost or stolen mobile device, the company has to state that policy clearly and upfront to avoid any issues.
“Typically, employee relations concerns crop up if a phone or tablet needs to be wiped and the employee has stored a huge amount of contacts, pictures, music, books, personal information or other applications the employee may have paid for personally or that would be valuable to the employee if deleted,” says Laura T. Kerekes, chief knowledge officer at Think HR Corp. “ To help mitigate those issues, offer employees information and options for ways they can back up and secure their content so that the personal data can be restored.”
One of the allures of mobile devices is the ability to download apps to help with pretty much every aspect of life. But not all apps are created equal and some may actually be malware disguised as an app. Because of the risk, experts say employers have to communicate to employees which apps need to be avoided and which ones are safe to download. There should also be a formal approval policy in place in the event an employee wants to download a new app, says Kerekes.
Protecting the company’s data and computer network is key when adopting a BYOD strategy but it’s not the only thing to think about. Using mobile devices to communicate can open the company up to harassment and discrimination issues not to mention privacy issues. Take harassment and discrimination. According to Kerekes employers have to remind employees to use good judgment when texting or sending emails from their personal devices. It’s very easy for someone to misinterpret a text message or brief email sent on the fly. As for privacy, Kerekes says since there is a co-mingling of sensitive company information and employee personal data the company has to think about protecting their data and at the same time the data that belongs to the employee on that mobile device. “Both parties need to understand the information being stored and accessed and how that information will be maintained,” says Kerekes. Companies need to “use good judgment in how that data is used to protect the privacy of all parties,” she says.