When it comes to BYOD, the conversation has clearly shifted. No need to ask whether to allow employees to use personal devices at work; they’re already doing that with or without your permission. The question is how to harness this fast-growing phenomenon while mitigating its risks.
Millennials Drive the Conversion to BYOD
According to a 2014 Gartner study, 40% of US employees working for large companies use personally owned devices for work purposes. In addition, a recent CompTIA survey found that six out of ten workers in their 20s and 30s used a personal device or app for work. Because by 2015 millennials will make up the largest segment of the workforce, expect the number of workers using their personal device at the office to skyrocket.
Companies fighting to hire millennials should keep these factors in mind. According to CompTIA, three out of four men ages 20 to 49 consider a potential employer’s level of tech-savvy a significant factor in choosing to work there and, as digital natives, they expect flexibility of choice and location, and are looking for employers who understand that their comfort and creativity in this area is a strength to be harnessed.
Advantages of BYOD
No doubt, millennials are onto something. More and more employers are bowing to the inevitable pull of BYOD and with good reason. There are in fact a lot of advantages for the employer. The first and most obvious advantage of BYOD from a corporate perspective is cost savings which comes in many forms. Most obvious, of course, is that the employer no longer has to purchase 100% of the employees’ device. Less obvious although not insignificant, BYOD gets the Company and its IT department out of the procurement and hardware business. This can lead to great economies in terms of time spent on product selection, contract negotiation and product support. Moreover, as employees are better able to seamlessly work outside of the traditional office, some companies are also able to find increased savings in real estate costs.
BYOD also offers the promise of increased productivity. Workers can now work from the soccer field, from the doctor’s waiting room, and during their night out on the town. Because they need not be glued to their desk or have a stack of papers with them, the opportunity for flexibility should, at least in theory, lead to increased efficiencies.
With the benefits of cost savings and increased productivity, come risks, especially those related to data loss and security breach. With the average data breach costing organizations $3.5 million and the average cost per record lost increasing each year, this risk can’t be understated.
While security risks can’t be completely eradicated, an organization with a well-thought out, well communicated, and well-enforced BYOD policy, is better positioned than one that ignores the fact that personal devices are used for work. The creation of this kind of policy requires interdisciplinary input from IT, human resources, legal compliance and employees. Gone are the days of the company mandated blackberry. Your team will have to be prepared to work with phones, ipads, laptops, and perhaps watches. The devices in each category may vary and there is no predicting where your employees will be working. With this in mind, some items to consider when building a BYOD policies are as follows:
- Make sure antivirus and malware protection has been installed and that your IT department can and does keep it updated.
- Help employees avoid the risks of open wifi environments through desktop virtualization, accessed through SSL VPN.
- Require employees to have passwords and pins and to report missing or stolen devices.
- Make sure there is an autolock after a certain number of failed access attempts
- Ensure corporate data is kept separate from personal data through containerization.
- Maintain an ability to wipe corporate data, disable printing, and access to storage remotely if device is lost or an employee is terminated.
- Keep corporate data encrypted
- Maintain backups of corporate data contained on personal devices
- Make support easy and available
- Make sure there is a method to quickly communicate threats
- Ensure that your program has continuous and frequent training and that you have obtained clear, written consent from each employee.
Finally, it is important to remember that creating a BYOD policy is only a starting point. Keeping your work force educated and vigilant is an ongoing process. In addition, as technology changes new issues will arise and new solutions may have to be implement. A successful BYOD policy evolves with these changes and with its workforce. There are risks. However, BYOD done right should be a win for employees and corporations alike.