One of the most pervasive workplace trends to emerge in recent years is the use of personal electronic devices by employees to access company networks. Commonly referred to as BYOD (bring your own device), this practice gives employees the freedom and flexibility to use their smartphones, tablets and notebooks on the job in place of company hardware.
Proponents of BYOD claim that it boosts productivity, saves employers money, and helps keep employees happy because the devices they selected and are most comfortable with can be used. However, many information technology (IT) consultants caution that the trend raises serious management issues that need to be addressed quickly by human resources (HR) departments. A detailed policy governing BYOD is necessary to help protect the integrity of company data.
According to a July 2013 study of BYOD issues by NaviSite, a hosting and application services company, 80 percent of IT decision-makers surveyed nationwide felt that BYOD is already the new normal, but only 45 percent of those respondents said their companies have a formal BYOD policy.
Similar concern is expressed in a report titled “2013 Data Protection Trends Research,” published by data storage firm Acronis, which states that nearly 80 percent of the companies surveyed have not educated their employees on BYOD privacy risks. Meanwhile, an extensive report by IT solutions provider PC Connection indicates that 47 percent of firms surveyed that do have BYOD policies in place do not have restrictions on the employees who can participate.
The high level of concern expressed in these reports suggests that many companies that tolerate or even embrace the BYOD trend are not moving quickly enough to mitigate the inherent risks. They may not recognize the various ways in which BYOD can substantially complicate the already difficult task of protecting sensitive or proprietary company data.
The one important step is to create a formal BYOD policy in the employee handbook. The policy should explicitly answer such questions as:
- What happens to the files on an employee device if that employee leaves the company?
- What if the device is lost?
- How is company data segregated from personal and social applications, and are they accessed differently?
- Who is responsible for IT support for the personal devices?
- How can the employee be prevented from inadvertently downloading apps that plant spyware or malware on the device?
Such questions may raise thorny issues that sometimes blur the line that separates company rights and employee rights. Therefore, the written policy should leave no question about what procedures are to be followed in the event of certain circumstances. For example, if an employee suddenly leaves the firm, or an iPhone is left behind on a train, can the company data be erased even if that means wiping out personal files as well?
According to an account published on the Newsroom pages of Cisco’s website, a small petroleum exploration company recently faced such a situation when a senior executive resigned. On his Blackberry, alongside sensitive information about deals under negotiation, were vacation and wedding photos. There was no policy in place to govern what happened next, but because the employee was a trusted senior-level executive, the decision was made to let him make the needed deletions on his own.
Of course, not every employer would feel comfortable arriving at a similar decision. That is why HR executives should work closely with senior management to ensure that rules are in place to cover the thorny issues of BYOD.
Article provided by Insperity, a trusted advisor to America’s best businesses for more than 27 years. Insperity provides an array of human resources and business solutions designed to help improve business performance. Insperity® Business Performance Advisors offer the most comprehensive suite of products and services available in the marketplace. Insperity delivers administrative relief, better benefits, reduced liabilities and a systematic way to improve productivity through its premier Workforce Optimization™ solution. Additional company offerings include Human Capital Management, Payroll Services, Time and Attendance, Performance Management, Organizational Planning, Recruiting Services, Employment Screening, Financial Services, Expense Management, Retirement Services and Insurance Services. Insperity business performance solutions support more than 100,000 businesses with over 2 million employees. With 2012 revenues of $2.2 billion, Insperity operates in 57 offices throughout the United States. For more information, call 800-465-3800 or visit www.insperity.com.