BYOD Bites Back
The advantages of being able to “Bring Your Own Device” (BYOD)—i.e. use one device for both personal and work needs—are well known. The potential management, security and liability issues related to BYOD are less well understood.
Multiple operating systems.
If users bring their own devices, they also bring their own operating systems. For iPhone users, this will be either iOS6 or iOS7, but for Android smartphones, the operating systems vary more widely depending on phone manufacturer (LG, Motorola) and age of the device. This can create distinct challenges for IT departments striving to ensure consistency and compatibility across systems.
When IT loses control of a device’s configuration and security settings, it can leave a device and the corporate network open to threats from malicious software that can steal data or give unauthorized users access to company resources. As a result, companies are struggling with mobile governance, including the management of people, policy and process issues.
For example, who installs and manages anti-virus software on the device? And how does a company ensure terminated employees’ access to saved proprietary documents and IT infrastructure is completely revoked? CIO Insight reports that only 41% of companies say they have a process for removing mission-critical data from employee mobile devices in the event of a firing or resignation.
For many companies and employees, this is a serious gray area. When the employee uses a device for both personal and work purposes, who owns what’s on the device? The worker? The company? Both? And who decides?
Nobody wants to think about this, but if an employee is in a motor vehicle accident on work time and a BYOD is the cause, who is liable? Think personal texting on a work smartphone…or a work conversation on a personal smartphone. Companies need to understand their culpability.
All of these concerns require careful planning, implementation and follow-up throughout your organization. Your company’s BYOD policy should clearly and cohesively spell out the answers to these questions and others, and employees should be educated on how to abide by the policy.