By Allie Philpin
Wherever you go these days, there’s a mobile phone glued to someone’s ear or a mobile device resting in another’s hand. Many of these mobile devices belong to business people; many are personal devices being used for business purposes. It’s not surprising really, given that the capabilities and functionality of these devices deliver the flexibility many employees demand so they can conduct their work roles while out and about. But the growth in the use of tablets and smartphones has left businesses in a bit of a quandary: do they allow BYOD and, if so, do they implement a BYOD policy?
The answer to whether they allow BYOD is, in reality, probably out of their hands; employees have made that decision for them by using their personal mobile devices to carry out business. And businesses have received the benefits in terms of better productivity, increased communication and efficiency, and a reduction in business costs. But when it comes to implementing a BYOD policy? Well, businesses and organisations are slowly realising that this is becoming a necessity as they start to face the challenges associated with allowing BYOD.
Using personal mobile devices for business means that corporate and private data are stored on the same device, and under data privacy rules there are two principal potential risks that need to be considered:
1. Third-party personal data that is processed and/or controlled by the company will probably be stored on the employee’s personal device; if the device is stolen or lost, up goes the risk of a breach in data privacy.
2. The employee’s personal data, right down to the details about their private lives, could find its way on to corporate systems, either through misfiling, inadvertently, or through back-ups, again breaching data privacy laws.
Then there’s the question of control over corporate data once it’s stored on personal mobile devices – how do you keep it secure and confidential? Without data on these devices being encrypted, it wouldn’t take much for anybody to gain access to that information; and even if the data is stored on the device’s cloud service, e.g. OneDrive or iCloud, how secure is the employee’s password to these applications? One way to overcome this is to ensure that employees hand over their device to the IT department to install a security configuration, or to use an application such as MobileIron – a “walled garden” – but don’t forget to obtain consent from the employee!
And then there are software licences – do they allow an employee to use company applications on their personal mobile devices, or do you need to obtain another licence? And don’t forget to think about your employees’ work-life balance – Working Time Regulations in most countries restrict how many hours a week you are allowed to work, e.g. in the EU there is a 48-hour limit (unless the employee has opted out of the regulation); but what employee doesn’t check their emails in the evening, over the weekend, and even on holiday?
It is these issues that are driving businesses and organisations to develop and implement BYOD policies, but these policies must be clear, up-to-date, specific, well-drafted and regularly updated.