BYOD (Bring Your Own Device), the handy mnemonic we use to signal allowing staff to use their own mobile devices, not company ones, has become pervasive for a number of reasons. However, if you stick BYOD into any search engine, you get headlines like these:
‘BYOD leading to increasingly risky behaviour among employees’… ‘Why BYOD could lead to lawsuits for employers’… ‘BYOD employees ‘indifferent’ to enterprise security’
These are just three news snippets from Google News that appeared in four or five business days prior to my search. I could go on, but there is a definite theme that’s emerging here. BYOD is risky… and doing it in a way that meets the twin goals of giving employees what they want, i.e. the option of using their powerful, personal connectivity in the workplace setting, as well as meeting the other equally strong requirement of doing that in a way that’s safe, secure and adheres to corporate guidelines is even riskier.
In fact, it’s so easy to get BYOD wrong that many observers feel the management of it is becoming a specialist skill. That sounds possibly a bit counter-intuitive to BYOD enthusiasts who seem to literally see no reason why you can’t use any device you like to transport or access often sensitive company data. If it does, I am making no apology – as the goal of keeping the staff happy, while important, should never compromise the wider duty you owe to customers and partners about protecting the integrity of their information.
Security is probably the most important aspect of getting BYOD implemented properly. Its day to day running is also something of an issue for the unprepared; by which I mean, all the policies and procedures and error handling techniques you need to have in place re new joiners, getting assets back off departing employees, dealing with breakages, damages, losses and software and operating system issues that you probably haven’t a clue about.
And if you think that staff access to data is a one size fits all issue – that “Joan in Accounts” should have the same access to the same amount (and type) of data on your computers as “Billy in Sales” or “Jan in Senior Management”… well, I’m sorry to break it to you, but outside of a man and wife corner shop operation, that stance just doesn’t cut the mustard.
You need a way to direct access to the people whose pay grade and function mandates it – or you are so close to breaking the Data Protection Act, which obligates you to impose appropriate internal information hygiene, as to be genuinely risky.
The smart play here is to do for internal staff access to mobility what you are already probably doing (very well) around issues such as facilities management, back end server operations, your helpdesk, possibly your HR or other non-core business processes; hand the problem over to a competent external third party which has the knowledge base, experience and focus to get those security and operational control issues nailed down a lot better than you have the time to do.
That’s because the same logic applies in mobile and remote working management as it does in the other areas.
A partner skilled in this business will have the depth of resources to keep abreast of the legislation and technical advances in this field in a way that you can’t – allowing you to concentrate on the revenue-generating activities that keep you in business.
Which is also the way, let’s hope, your business’ brand will never be in one of the endless slew of controversial BYOD stories…
Image source: Shutterstock