Updated for January 2017 (Originally posted May 2012):
Letting your employees use their personal mobile devices for work makes them happy — they love their devices. Research shows Bring Your Own Device (BYOD) also makes them more productive and increases their engagement with the workplace, including after hours. But when your company’s data isn’t under your control, it can be risky business!
What’s the right balance between productivity and security? Employee preferences and company policy? Here are 14 questions to help you decide:
1. How many US companies are already using BYOD?
BYOD adoption is as high as 72% in the US, with 40% of companies making it available to all employees and 32% making it available to some employees. BYOD has come a long way since its inception but security concerns have kept it from reaching the enterprise adoption levels predicted a few years ago.
2. What are the security risks?
All the usual security suspects come into play — malware, spyware, hackers, social engineering, and more. Any of those methods can be used to gain access to company networks, email accounts, and work content, plus data can be at risk during “transit” as well as once it’s on the device. Androids are more vulnerable than iPhones and iPads because they’re open-source. Leaky apps, or apps that don’t store data securely, are a major problem today.
3. Do employees typically keep their phones locked when it’s required by company BYOD policy?
Hopefully, but don’t count on everyone complying. On average, 34% of Android users and 15% of iPhone users don’t use a passcode or fingerprint authentication. In 2015, about 2.1 million smartphones were stolen — that’s down by a million from 2014 — and another 3.1 million were lost. So that’s 5 million missing phones a year, give or take.
4. How do we protect the data that’s on the devices?
You can either protect the phones the old way, using Mobile Device Management (MDM), or the new way, using a mobile security solution.
5. What’s the difference between MDM and mobile security?
MDM protects, standardizes and manages employee devices so they’re safe to use for business, while mobile security solutions provide access to business data through a secure platform that resides on each device similar to an app. Mobile security is also similar to Virtual Desktop Infrastructure (VDI).
6. Should we have different BYOD policies for staff that have different responsibilities?
Depending on the type of business you’re in, you may need to have a multi-tiered BYOD policy.
7. What’s the most efficient way to support our employees’ devices?
It’s best to not support them! It’s overwhelming for your IT staff and it takes them away from more business-focused IT tasks. Consider outsourcing MDM if you don’t want to migrate to mobile security. You can outsource mobile security as well.
8. What do we do about securing email?
Anything you can do to keep company email off of employees’ personal devices is a good idea. Keeping email off every device is a good idea, in fact. Look at using chat and other collaborative communication tools to replace as much email as possible. What’s left can be secured through mobile security.
9. I have a lot of customer-facing workers — does this impact our BYOD decisions?
It does! A recent study shows customer-facing workers are more productive when they use BYOD. Plus, they tend to use it whether or not it’s officially approved, which is another consideration when making your BYOD decisions.
10. What do we do if an employee has problems with their device and doesn’t let us know?
Gartner reported in 2013 that 73% of workers who admitted to having problems with their personal device failed to report it to their employer for possible risks. Make it part of your policy that employees must inform you about any issues with devices that have company data on them or can access company data, but be aware there’s a good chance they won’t.
11. What might our employees not like about BYOD?
Employees don’t like the blurred lines between their work and personal lives. There’s been some backlash regarding privacy issues, especially GPS and logging, and the ability of an employer to wipe personal devices. This is another reason companies are switching from MDM to mobile security solutions — you just need to delete and reinstall the app instead of wiping the entire phone if there’s a problem.
12. Who pays for what?
If employees are giving up their company devices to work on personal devices, you need to determine how much of their carrier bill you’re going to pay. Determining stipends can be a complicated (and contentious) part of your policy.
13. Is there a point at which BYOD management and stipends cost more than just providing company devices?
There could be! It all depends on your policy. Device prices have come down and so have packages, but carrier subsidies have also been eliminated. Make sure to run the numbers, and run them regularly to see if they’ve changed.
14. How do we enforce our mobile policy?
Mobile policies can be tough to enforce. The trick is to make them easy to follow (not too strict), keep them up-to-date so your employees know you’re serious (remove any references to old technology, for instance), and have employees re-sign it at least annually.
If you want more information about how to answer these questions for your company, our frogs are here to help. We’ve been helping clients find the best ways to integrate and navigate the ever-changing mobile landscape ever since mobile was a thing for employees. We’re also big fans of mobile security solutions, although they’re not right for everyone. Please reach out to us about BYOD if you’d like some guidance.
[well size=”sm”]If your goal is an optimized IT environment that helps your company grow and prosper, you need highly effective Help Desk support. The faster problems get solved, the sooner your team can get back to work. Leapfrog offers a range of managed IT services, including 24/7/365 Help Desk Support. We pride ourselves in our lightning-fast resolution speeds and deep knowledge of all things IT. Customer service as Priority One means no more bottlenecks![/well]