Whilst BYOD can bring a number of benefits to businesses, including cost savings, there are some steps every organisation should take before implementing it organisation-wide.
1. Put a policy in placeThe first step is to draw up a reasonable, binding policy on BYOD to protect both businesses and employees. This will ensure that all risks are addressed and managed effectively. For example – what will happen if there is a data breach; who will be liable? What happens when a member of staff leaves or is suspended? Which applications are staff permitted to use? Furthermore, a fair and reasonable BYOD policy will be viewed more favourably should a case go to court.
2. Protect your dataThe Information Commissioner’s Office (ICO) has previously released guidance on BYOD in terms of compliance with the Data Protection Act. This includes personal information belonging to the individual, as well as customer and client data to ensure that data is stored securely. It also covers areas such as monitoring of devices, personal usage and whether data can be deleted if any breaches take place.
3. Back up, back up, back upWe all know how devastating it can be when we find ourselves without our mobile phones – whether through loss or an accident, it’s essential that devices are backed up. Any BYOD policies should cover this to ensure critical client data isn’t lost in such an instance.
4. Avoid the perils of free Wi-FiThere has been a great deal in the press recently with regards to safeguarding data via free Wi-Fi hotspots. General advice is not to share sensitive data over public Wi-Fi as there has been an increase in misuse. The ICO’s advice is to ensure that devices are locked with strong passwords and encryption is used where possible. Any transfer of data should be done via a secure channel. Security breaches can be deadly, so ensure your policy covers this.
5. Practice a work/life balanceDon’t forget that not all employees will want to be connected to their devices 24/7. Whilst BYOD can increase productivity, it can also be detrimental to an employee’s health and wellbeing as they feel under pressure to work from home in the evenings and at the weekend. At the same time, some employees prefer to have access to emails and other correspondence so they can be kept in the loop on work matters whilst they’re on leave or out of the office. It’s advised to give employees a choice as to whether they bring their own device. With the cross-over of an employee’s personal mobile being used for business, employers must consider the legal implications. By working in close partnership with a trusted legal advisor, organisations can be advised on developing their own policies on BYOD to ensure all risks are addressed and managed effectively. Jo Davis, Partner, Employment of B P Collins LLP.
Share this story