IT Blogs & News - Written by IT Professionals - iuvo Technologies

What are the components of a solid BYOD policy?

Written by Bryon Beilman | Feb 14, 2019 5:41:15 PM

As the workforce continues to turn more mobile, and people are more tech savvy, it’s becoming increasingly important to put together a strong Bring Your Own Device (BYOD) policy.

Are BYOD Policies Becoming the New Norm?

There are some organizations that provide their employees with company devices (mobile phones, laptops, and tablets), lock them down completely in terms of what can and cannot be accessed, and fully control the flow of information. However, many companies who support BYOD culture allow their employees to use their own personal devices to do their jobs, whether it’s 100% of the time, when the employee is on the road or working from home.

Do you have a clear BYOD policy in place or plans to implement one? With so many personal devices accessing your company information, what kind of BYOD policies should you set in terms of what is and isn’t allowed? And how do you make sure there’s no impediment on the end-users ability to actually use their personal property for their own personal use?

What Your BYOD Policy Should Cover

This can be a bit of a tricky line to walk. As the Telecom Expense Management Industry Association (TEMIA) points out in their whitepaper, it may be necessary to bring legal counsel in to ensure that your organization is properly handling instances where your IT department may have access to an employee’s personal device. Such scenarios can include finding out whether your IT team has permission to conduct e-discovery on a device, how to handle evidence of a crime or finding inappropriate photos - even if those things clearly took place outside of working hours and the work environment.

So, what are some of the things that your organization should address to ensure that your BYOD policy is on the strongest footing possible? Let’s find out.

Authorized Devices and Applications

  • The types of devices that are permitted to be connected to the network. This list should be as specific as possible and delineate the brands and models that are permitted (i.e.: Apple iPhone 6S or newer, operating iOS 11.1 or newer, etc).
  • Acceptable and unacceptable applications. Again, this list should be fairly specific to ensure that employees don’t begin using other apps to get around the parameters and set up a Shadow IT situation.

Security

  • Security requirements, such as the number of characters a password must contain and how often the password must be changed; whether or not a device must “auto-lock” after a period of time, and what that period of time is.
  • Whether or not the device will auto-lock after a number of failed password attempts and what the process for regaining/restoring access will be (i.e.: IT must restore access or user can reset the password on their own following specific protocol).

Acceptable Use

  • What is considered to be “Acceptable Use” and how far it extends into the realm of personal use. For example, are employees allowed to use their devices for personal matters at all during work hours? Will certain personal applications (such as social media) be disabled while connected to the company network?
  • Whether or not devices are strictly for an employee’s personal use. Will you allow these devices to connect to the network at all?
  • Whether or not cameras are permitted and enabled during work hours and/or in the workplace. If not, you can implement applications that will control these features during the provisioning process.
  • The type of company information that will be permitted to be viewed and on which devices. For example, if an employee has access to their business email account on their mobile device, are they able to download attachments or will those attachments only be downloadable on a laptop or desktop?

Technical Support

  • Whether or not devices must be presented to the IT department for provisioning. Provisioning might include things like installing and configuring specific apps, setting up email, etc.
  • Whether or not employees should report hardware/software issues to the IT team or to the manufacturer of the device.

Now that you know what you should be doing, are you ready to find out how well your organization is actually doing it? Schedule your FREE IT Assessment today.