by Tom Kendra

In BYOD We Trust

Opinion
Oct 28, 2014

Why a successful BYOD strategy depends on trust between employer and employee


Bring-your-own-device (BYOD) programs typically focus on increasing productivity and employee satisfaction while ensuring data security. What should not be overlooked, and it may be the most important factor in whether these programs are successful, is the level of trust created and sustained between the organization and its employees.

In the early days of mobility, organizations maintained complete control over devices and typically reserved the right to wipe all data from a phone if it was lost or stolen. This may have worked well for the limited numbers using such phones (and usually carrying two devices), but it’s a tough sell for BYOD users, whose devices store both personal and corporate information. These users must trust their personal data won’t be accessed or deleted by the organization; if they don’t, the BYOD program will fail.

The following strategies can help generate trust in a BYOD program.

  1. A BYOD Bill of Rights – The organization clearly spells out the rights and protections afforded to employees, how these rights and protections will be enforced and what rights the organization has to protect its data.
  2. A secure workspace – BYOD is enabled via a secure workspace installed on each device as a separate application for corporate data. The organization retains complete control over the secure workspace and can delete it if necessary, but has no access to personal data and can’t delete it.
  3. A business phone line – By installing a separate software-based phone line on devices, organizations can further separate business and personal activities. Employees don’t have to give out their personal numbers for business, while the organization only has access to enterprise phone data, not personal calls or texts. In addition to encouraging trust, this can help organizations comply with evolving regulations related to business use of personal devices.
  4. Limiting business use to business hours – Depending on the role of employees, turning off access to the enterprise network and business phone lines outside of business hours can demonstrate a commitment to protecting employee rights.

But trust is a two-way street. Organizations need to trust that their data will be safe. This can be challenging because most data breaches and losses come from inside, including employees intentionally or accidentally sending the wrong information outside the organization. As the organization strives to meet employees’ needs, it should also make it harder for employees to exercise poor judgment.

For example, institute a permission system for access to sensitive files. Or perhaps certain activities, such as trying to access files in the middle of the night or from a questionable location (e.g., overseas when the employee is not traveling), could result in the secure workspace being automatically shut down.
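The checks described above can be expressed as a small access-policy evaluator. This is an added example, not code from the article or from any product. The night window, the fixed UTC offset, the geolocated country field, and all names and sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone

# Assumed window for "the middle of the night"; the article gives no hours.
NIGHT_START, NIGHT_END = time(0, 0), time(5, 0)

@dataclass(frozen=True)
class Employee:
    home_country: str
    utc_offset_hours: int                     # fixed offset; real systems need DST-aware zones
    approved_travel: frozenset = frozenset()  # countries with approved travel
    file_grants: frozenset = frozenset()      # sensitive files this user may open

@dataclass(frozen=True)
class AccessEvent:
    when_utc: datetime
    country: str      # assumed to come from IP geolocation
    path: str
    sensitive: bool

def evaluate(emp, ev):
    """Return (action, reasons); action is 'allow', 'deny' or 'lock_workspace'."""
    reasons = []
    travelling = ev.country in emp.approved_travel
    if ev.country != emp.home_country and not travelling:
        reasons.append("unexpected_location")
    # Home-time night check is skipped on approved travel (different time zone).
    if not travelling:
        home_tz = timezone(timedelta(hours=emp.utc_offset_hours))
        if NIGHT_START <= ev.when_utc.astimezone(home_tz).time() < NIGHT_END:
            reasons.append("night_access")
    if reasons:
        return "lock_workspace", reasons
    if ev.sensitive and ev.path not in emp.file_grants:
        return "deny", ["no_permission"]
    return "allow", []

def utc(hour):
    return datetime(2014, 10, 28, hour, 0, tzinfo=timezone.utc)

# Constructed sample data, not taken from any real system.
ALICE = Employee("US", -5, frozenset({"DE"}), frozenset({"/finance/q3.xlsx"}))
EVENTS = [
    AccessEvent(utc(15), "US", "/finance/q3.xlsx", True),  # daytime at home, granted
    AccessEvent(utc(8), "US", "/finance/q3.xlsx", True),   # 03:00 home time
    AccessEvent(utc(15), "BR", "/finance/q3.xlsx", True),  # abroad, no travel on file
    AccessEvent(utc(15), "US", "/hr/salaries.csv", True),  # sensitive file, no grant
    AccessEvent(utc(8), "DE", "/finance/q3.xlsx", True),   # approved travel
]
DECISIONS = [evaluate(ALICE, ev) for ev in EVENTS]
```

Recording approved travel is what keeps the location rule from locking out a legitimate traveler, which matters for the employee side of the trust relationship the article describes.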

In the end, building trust in a BYOD program is not different from building confidence in other key business initiatives. Both must be built on fair policies that are clearly communicated. The organization must have a way to enforce the policies while ensuring there is adequate training for employees and IT administrators about how to protect enterprise assets.