Despite IT department and executive fear, BYOD is the future. It offers enhanced productivity, cost savings, and it improves employee satisfaction. With or without approval, employees will find a way to use their own devices; companies need to embrace BYOD before it enters the company without an official policy in place.
As you are planning or revising your BYOD policy, make sure to avoid these common BYPD mistakes:
Lack of access control
Mobile apps should be no different than remote login. Any mobile app that gives access to company data should require user authentication, authorization, and access control. If the data is highly confidential, we suggest encryption of all data traffic and adding an extra layer of authentication on the app.
Allowing any device
You can’t allow archaic smartphones or jail-broken iPhones. IT would have an anxiety attack simply trying to get malware and anti-virus software installed on all those phones. This doesn’t mean everyone has to have an iPhone 5. This simply means you need to only allow devices that support the BYOD program.
Not policing policy
Policy compliance will not be achieved without effective and consistent policing. Policing sounds harsh, but what was the point of coming up with a policy if no one is forced to follow it? Make sure you have the capability to detect and stop misuse, follow up on alerts manually or automatically, and have the appropriate personal review reports. Constantly audit your program to make sure it is still functional and effective.
Telling employees what apps they can download would be upsetting and annoying for everyone involved, so it is better to have a list of banned apps. Apps are an easy way to deliver malware or viruses, so you need to keep an updated app “blacklist.”
You need to define user rights. Most companies will not benefit from allowing everyone to have access to everything. Users should be restricted to the information they need to access. You should also have location applications on the devices in case a device is lost or stolen. If you really want to be safe (and we always suggest that) you should have the capability to wipe company content, apps, and passwords off lost or stolen devices.
It’s time to throw away your fear and loathing of BYOD. It is here and people crave it, so create a BYOD policy before the lack of one hurts your company.