All the news coverage about accessing the San Bernardino shooter’s locked iPhone got me thinking about our company’s BYOD [Bring Your Own Device] policy. Do you have any insight into how businesses balance employees’ privacy rights with the concern over data breaches – unintentional (say they get hacked through a personal app) or deliberate (when a disgruntled employee quits, for instance)?
There are pros and cons for companies who permit employees to Bring Your Own Tech (Device, Phone, or PC). BYOD programs most often shift the costs to the user, saving businesses a potential boatload on their balance sheet. Plenty of companies are requiring workers to cover all the costs of their devices and, surprisingly, employees are not complaining. (Well, some would still like an allowance or reimbursement.) Employees get to use the device that they prefer – we all know Apple aficionados are notoriously loyal – and that may result in higher productivity. Personal users tend to upgrade to the latest technology at a faster pace than bureaucratic organizations, which can keep your company on the leading edge at no expense to you.
Businesses generally have users sign an acceptable use agreement for company-issued IT, but employees may be a bit touchy being told how they can use their own personal devices. A policy update may be in order. You must insist on strong passwords and lock screens on personal devices. Beyond that, there are plenty more issues to discuss. Will your acceptable use policy dictate which web browser employees must use? May sports fans livestream March Madness games during work hours? (Can your network bandwidth handle the surge?!) Is posting on Facebook while on their device’s Virtual Private Network (VPN) a violation of policy? What if a security hole in an app on an employee’s personal phone allows hackers to access your company’s relay mail? Should you decide which apps will be allowed or banned (what, no Spotify?!)? Use this BYOD policy template as a jumping off point to develop your acceptable use agreement.
When employees leave a company with BYOD, it’s not as simple as turning in the work-issued IT and wiping it. You must have an exit strategy that retrieves company data and removes email access, proprietary applications, access tokens, and more.
You are wise to be concerned about the BYOD technology issue. But it’s far more complex than this little old lady can address in my advice column, so please check with your IT administrators for up-to-date best practices.
Readers: What is your company’s Bring Your Own Device policy?
Do you have a job-related question? Ask Anita.
Subscribe to receive weekly emails with career tips and advice for job seekers, employed people, and managers and supervisors.