By Jason Moody
Most companies that have successfully mobile-enabled their workforces have accepted three unavoidable facts of life. Bring your own device (BYOD) will happen whether they allow it or not. The only way to allow BYOD is to develop policies and technical capabilities to make it safe. And policies and practices must be continually communicated to employees, along with the risks of failing to follow them.
Here are key elements for making your organization BYOD safe.
Step 1: Develop a comprehensive BYOD policy
Clearly articulate the challenges and policies needed to be enforced. HR should outline the capabilities employees want and need, as well as which capabilities are appropriate for the roles within the organization. IT must specify the tools to deliver these capabilities safely and securely. Legal must decide what can be supported as being compliant with all laws and regulations that govern the organization.
This may seem daunting, but companies that begin deploying mobility and social media management tools without doing this first may find all the benefits they hope to gain are undercut by major missteps, which may lead to increased complexity, regulatory fines and a damaged reputation.
Step 2: Develop secure BYOD capabilities
No matter what kinds of security policies are deployed, you can’t be sure they’ll be followed unless tools are in place to enforce them. Technology companies now offer unified, end-to-end enterprise mobility management solutions that can enforce policies while managing complex operational hierarchies, maximizing end-user productivity, reducing costs and freeing IT resources. When considering a solution, take into consideration your organization’s size and make sure the solution can address even the issues expected in the future. If done correctly, you won’t need to purchase and integrate new point solutions as needs evolve.
Step 3: Educate
Every company has different requirements based on industry, size, locations and risk profile. Because technologies, platforms and risks are continually evolving, it’s not enough to publish general guidelines. Engage in regular training—yearly or more often if necessary. Demonstrate how to use personal mobile devices safely, and clearly explain the risks of not doing so.
Explain actual high-risk scenarios that apply to your organization and explain how damaging improper behavior can be. Say an employee brings a new smartphone to the office and uses it to take photos of a whiteboard of notes about a new product or acquisition so he can later type notes at his desk. He knows he shouldn’t leave the office with these notes on the device, so he deletes them before leaving. But he has forgotten—or never understood—that when he set up the phone, it was automatically configured to back up all screenshots to a photo-sharing site. The sensitive information now is vulnerable to public exposure, which can lead to loss of revenue, jobs and reputation.
Only through clear policies, proper tools and ongoing education can companies enjoy all BYOD’s productivity, agility and cost benefits while keeping risks to a minimum.