Companies implementing a bring your own device policy are perceived as innovative. However, do the risks outweigh the benefits, Ian Vella asks.

Many ICT departments, especially ones on a low budget, find it difficult to keep up with the latest hardware and technology innovations. On the other hand, most tech-savvy employees, especially the younger generation, buy the latest laptops, tablets and smartphones.

To make the most of this situation, some companies are introducing a bring your own device (BYOD) policy at work to allow employees access over corporate servers using their own personal electronic equipment.

A company implementing such a policy can be perceived as being more flexible and may increase employee morale as anyone can use whatever productivity software or operating system they prefer. Whether an employee would like to access corporate e-mails on a large screen phone or on a laptop doesn’t make a difference – it’s a matter of personal preference.

While BYOD may increase flexibility at the office and improve a company’s public image, a business needs to consider all implications before allowing employees access to corporate data.

An IT review should be considered before implementing such a policy. This would help determine what data is extremely sensitive and what are the implications if an employee’s device is lost or stolen. Would the company be able to enforce a particular type of virus protection on all devices and what could be the consequences if such devices are to be shared with other family members, especially children?

Although costs associated with hardware procurement may be lower for a company implementing a BYOD policy, a business must consider that operating costs may eventually add up, especially if a company is to support all operating systems – for instance, Apple’s iOS is inherently costly while Android systems are complex to manage since there are many different versions.

There are solutions that can help a company overcome such problems. Corporate applications may force users to partition all work related data and enforce passwords which are changed periodically. Anti-malware software should also be installed to avoid that employees unknowingly download a keylogger which may help third parties gain access to corporate servers. IT departments should not only secure the devices but if possible even the data itself by identifying sensitive information and encrypting these files – this would mean that if such files fall in the wrong hands they may be unusable.

Once a business manages to lay the ground for a BYOD policy, the gains are significant

Once a business manages to lay the ground for a BYOD policy, the gains are significant. According to a study conducted by US tech-related research firm Gartner Inc., implementing a BYOD policy at the workplace leads to happier and more focused employees. Productivity also increases as users of a particular device become more proficient in using it, given that they would spend more time interacting with that particular technology even outside working hours.

Communication is also sped up with BYOD, as employees are happy to send and reply to e-mails even after work. Interviewed employees also said that a BYOD policy encouraged them to take greater interest in researching and downloading security patches for their own operating systems. They were also willing to purchase productivity apps that could increase their overall work output.

Younger professionals said they might even consider changing jobs if another company offered the exact pay package but implemented a BYOD environment. This same survey shows that most companies are unable to stop their employees from using their own personal devices, not even companies which operate in the security or intelligence sectors. Expanding markets such as India, Russia and Brazil are showing a high adoption rate of BYOD policies, while most companies in the US are still considering or at least studying the implementation of such policies. Europe, on the other hand, lags behind.

Among the most notable companies allowing their employees to bring their own devices to work are IBM and Intel who started this trend back in 2010, during the same time when smartphones and data plans became everyday occurrences. Today it seems that smaller companies tend to prefer a BYOD work environment and larger corporations and government departments are finding it difficult to implement such a cultural shift.

A business has to also consider issues related to the legal and data protection aspects of implementing a BYOD policy. Companies might decide to upload certain software on authorised devices or do backups, but what happens if the company backs personal information as well in the process? What would happen if an employee leaves the company? Should the IT department be allowed to erase any data on the user’s device or should a company just take the employee’s word that it has been deleted.

Although laws exist to cover unauthorised access and copyright issues, a business must consider that many countries are not yet legally prepared to protect business interests of companies who allow users to access data on their personal devices. Therefore companies must ensure that employment contracts should include clauses to protect both parties and to ensure a smooth handing over of data if required.

It seems that taking an extreme position at either end of the spectrum is wrong for business. Either allowing all corporate data to be accessed from any device or preventing anyone from using any device other than the corporate issued laptop under any circumstance is bound to create problems. If a strict no personal devices policy is implemented, employees might still find a way to log on to their corporate e-mail from a personal device, or copy documents on USB sticks to perhaps work on them later on at night. This may be even riskier as employees may not co-operate if a secure system is breached.

As the demarcation between work and personal time is becoming increasingly blurred, a business needs to consider that it is practically impossible to stop employees from using their personal devices. In this day and age it pays to implement a BYOD policy that allows a safe, flexible and productive use of personal devices.

Ian Vella blogs on www.ianvella.com.

Independent journalism costs money. Support Times of Malta for the price of a coffee.

Support Us