8 Things to Consider Before Allowing BYOD in Your Office
There’s no cookie-cutter solution or magical silver-bullet BYOD policy that fits every organization. But before you partner with an IT provider or have your internal staff create a customized BYOD or MDM policy, you should consider the following:
- Devices: What brand/type of mobile devices will be supported? Create a list of acceptable personal smartphones and tablets that your users are allowed to bring into the corporate environment.
- Data Plans: Will the organization pay for the data plan, or will the employee/user? Will the business issue a stipend, or will the employee submit expense reports? Will you implement a cap or threshold for the amount of data the company will pay for?
- Compliance: What regulations govern the data your organization needs to protect? For instance, does your organization adhere to HIPAA compliance, PCI, etc.? Do you require encryption? There are large financial penalties for breaking compliance by negligence and willful neglect.
- Security: What security measures are needed (passcode protection, jailbroken/rooted devices, anti-malware apps, encryption, device restrictions, iCloud backup)?
- Applications: What apps are forbidden? IP scanning, data sharing, Dropbox?
- Agreements: Is there an acceptable usage agreement (AUA) for employee devices with corporate data? Are there sites that you do not want users to visit at work or other locations that could create security threats or HR violations?
- Services: What kinds of resources can employees access — email? Certain wireless networks or VPNs? CRM?
- Privacy: What data is collected from employees’ devices? What personal data gets segregated and is never tracked or collected by the employer?
It is human nature to push limitations, challenge rules, and question authority that we think infringes on our rights or privacy. By creating a clearly defined BYOD policy and MDM strategy, you ensure that everyone is on the same page, and you get users to agree to the terms if they want the freedom to use their personal devices to access your corporate network.