I recently blogged on the need for employers to update their policies to include provision for social media and the risks of not having such a policy. Well, Christmas is around the corner and we are told that high on the Christmas wish list for both young and old are portable devices. Apple is launching a new iPad, hot on the heels of the iPad mini, in time for the Christmas market, and indeed there is a wealth of iPad alternatives out there. Further, I read just last week that a recent survey found around 50% of the world’s population now owned or used a smartphone on a regular basis.
This brings additional complications into the business world: allowing employees to use their own personal mobile devices (such as tablets, smartphones, laptops or notebook computers) for business purposes. This practice, known as bring your own device (BYOD), is more common in some industries than others. Some companies ban certain sites from work PCs but allow employees to access them, for example their personal email, on their BYOD.
BYOD can bring a number of benefits to businesses, including:
- Increased flexibility and efficiency in working practices.
- Improved employee morale and job satisfaction.
- A reduction in business costs as employees invest in their own devices.
However, it is not without its downsides. The boom in BYOD has been matched by an upsurge in criminal activity involving the exploitation of data and intellectual property stored on personal mobile devices. The use of personal mobile devices for business purposes increases the risk of damage to a business’s IT resources and communications systems, confidential and proprietary information and corporate reputation.
Personal mobile devices are owned, maintained and supported by the user rather than the business, meaning the business has less control than it would over a corporately owned and provided device. Monitoring of devices is inherently more difficult, and employers who want to monitor employees’ use of personal mobile devices must:
- Make their reasons for monitoring clear; and
- Explain the benefits the business expects will be delivered by monitoring (for example, preventing misuse of the device).
The business must ensure that monitoring technology remains proportionate and not excessive, especially during periods of personal use (for example, evenings and weekends).
Consideration also needs to be given to what will happen if the BYOD is lost or stolen, as loss or theft of the device could lead to unauthorised or unlawful access to the business’s systems or company data. The business must ensure a process is in place for quickly and effectively revoking access to a device in the event that it is reported lost or stolen.
Employers also need to think about how they will manage data held on an employee’s personal mobile device should the employee leave the business.
Employers should also give consideration to protecting company data stored on personal mobile devices. Businesses should consider implementing security measures to prevent unauthorised or unlawful access to the business’s systems or company data, for example:
- Requiring the use of a strong password to secure the device.
- Using encryption to store data on the device securely.
- Ensuring that access to the device is locked or data automatically deleted if an incorrect password is inputted too many times.
The business should ensure that its employees understand what type of data can be stored on a personal device and which type of data cannot.
All these considerations can be addressed in an Internet or telephone policy which incorporates a BYOD section.