How to set up and monitor an effective BYOD policy
7 min read
29 June 2018
Here's how to plan, monitor and enforce a secure BYOD policy in your business.
A key part of a collaborative and mobile culture is BYOD. BYOD, or bring your own device, describes a policy wherein employees are permitted to work with their own personal laptops, tablets and smartphones, rather than being provided one by the company.
A BYOD policy allows employees who spend much of the work day outside the office to easily access everything they need, from wherever they are. Even primarily desk-based employees might need to travel for meetings or events, and if they do, they need to be able to take their work with them.
Benefits of BYOD policies
It’s estimated that seven out of 10 small businesses in the UK have now included BYOD as part of their everyday operations. It is, of course, necessary to have regulations in place to ensure security and confidentiality, but in most cases employees just want to be able to get on with their jobs, and restricting their access too tightly can lead to a frustrated – and therefore unproductive – workforce.
The acceptance of BYOD is a large part of big companies attracting top talent. Most workers prefer to work on systems and machine that they are familiar with – a long-time Mac user might struggle to learn how to use a Windows machine, for example. This familiarity and comfort leads to higher job satisfaction, morale and productivity.
So, BYOD is preferable for the employees, but advantageous to the business as well. For example, if employees are bringing their own machines to work on, the business does not need to buy machines for everyone. And, because employees tend to be more careful with their own equipment, the business saves money on breakages and repairs of equipment too.
Of course, a BYOD policy must come with a set of restrictions to ensure private and confidential company and customer data remains secure.
Considerations of a BYOD policy
When sitting down with employees to discuss both policies, there are various things to consider. These things will require constant monitoring to ensure that all regulations are being abided by. Users need to understand the rules that have been set out, and must agree to them if they wish to use their own devices.
It’s always a good idea to educate employees on the importance of good password safety, and when it’s their own devices they’re using this is doubly true. If a user wants to use their own device to connect to the business’ systems, then both parties must be sure that the device – mobile, tablet or desktop – is secure and protected by a strong password that is changed at regular intervals.
Programmes and applications
There should be an agreed upon list of what apps and services can be installed and run on the user’s device. Considerations should be made over how two apps will interact with each other and if that could lead to any security vulnerabilities that could allow hackers access to company data.
Office 365 Business Premium comes with online and offline versions of all of Microsoft’s most popular business applications such as Word and Excel. Documents and files can be stored on OneDrive and can only be accessed by employees with an assigned username and password.
Part of the BYOD policy should be an agreement for users to regularly backup and update their systems. Running older versions of software could lead to vulnerabilities being discovered and exploited. If vulnerabilities are found, they are patched by the provider and rolled out to machines. Users must ensure that all operating systems, software, and applications are up-to-date at all times.
The programs and applications on Office 365 are automatically updated to the latest versions, ensuring that the programs on phones, tablets or desktops are always protected from any discovered vulnerabilities.
Although it may not be an immediate thought when setting up BYOD policies with employees, it’s unlikely that those employees will be at the company forever, so there needs to be decisions made over what happens to the devices and access when the employee leaves the company. There should be a compulsory complete or partial wipe of the device to ensure that no documents or data remains on the device when the employee leaves the company. A business might even enforce a rule that requires the employee to get a new phone number, because the one they’ve been using previously is so heavily linked to the business.
Office 365 helps deal with staff changes through mobile device management (MDM). If a business has granted conditional access to an employee’s device, mobile device management on Office 365 can be configured to control the deletion of data remotely. This would remove all of the company’s files from the device, but wouldn’t require a full factory reset of the device.
MDM can also enforce a password policy on devices, implement and administer mailbox policies and configure security settings. In the event of staff changes, mobile device management can wipe the device remotely. This gives administrators the control they require, and employees the freedom they desire.
Enforcement of the policy
As well as creating a policy from the beginning, it’s important to consistently ensure that the policy is being adhered to. Regularly checking that employees are upholding the policy will ensure that the policy regulations are working, and will ensure that your employees are productive, secure, and empowered.
In increasingly connected and collaborative work place, Office 365 is the perfect partner to a bring-your-own-device culture. With one package giving each user always up-to-date, online and offline versions of Office on up to five devices, employees really can take their work anywhere.
For more information about Office 365 call us on 0808 1686 777 or visit the Fasthosts website: www.fasthosts.co.uk