We reported in our HR and business outlook for 2018 the increased emergence, reliance on bring your own device (BYOD)
BYOD is the policy and acceptance of allowing employees to bring and use their own IT devices (typically phone, tablet, PC/Laptop) for work use.
Recent research has found its use has grown rapidly in high growth markets like Russia and Brazil (where it’s reached close to 85% of companies) while in the USA and other mature markets it’s closer to 70%
You may think that BYOD is something companies have to specifically elect to do (they should), but it was surprising to read that almost half of BYOD use was unmonitored (either ignored by IT or unknown to IT).
So BYOD, whether you’ve implemented it or still on the fence or ruled it out, is here to stay and its use will likely only grow.
Benefits can include
- Reduced IT capital spending
- Increased productivity / program access
- Improved morale/talent attraction – this last one is a bit of stretch. I know I hated my company issued PC’s at my old company but I don’t think it would have stopped me accepting and liking my job.
- SaaS based applications like ActionHRM Human Resource Management Solution (HRMS) are a perfect fit for BYOD as no data is stored on the device. Some data could be in cache but easily cleared or controlled.
Headaches, challenges and pitfalls of BYOD
- Increased range of devices to support / troubleshoot
- Requirement to manage subsidies / allowances
- Concern for employees about cost of purchase and reimbursement of usage costs
- Ownership of IP data e.g. when an employee leaves
- Data breach risk
- Loss of work life balance (no excuse for 24X7 access)
Pitfall’s 1-4 are fairly easy to resolve.
However items 5-7 as listed above are real HR & IT department challenges and also seen as a company risk.
A recent survey in computer weekly in August 2013 found nearly half of the BYOD friendly firms had data breaches. The size and scope wasn’t disclosed but it certainly dimmed my enthusiasm although that said, I don’t think a non BYOD environment can eliminate the same risks. It was positive to hear that about 9/10 of affected firms will continue their BYOD policies. But it’s a clear example and warning of the additional risks and challenges BYOD pose if not properly managed, secured and reviewed.
To have a successful BYOD we recommend to:
- Have a well documented and considered policy – what devices are supported / allowed, what happens when an employee starts or leaves, clearly define any allowances or subsidies provided to BYOD, state and provide training and acceptance on the access rights and rules both the employer and employee has on a BYOD data.
- Establish minimum (and strong) security controls e.g. password strength, lockout, remote data wipe, etc.
- Utilise technology to reduce the risk and improve administration e.g. Blackberry Secure Space, Enterproid, VM Ware MVP
- Follow-up and review your BYOD policies and outcomes regularly. Get feedback to make you make the most of the BYOD opportunity while minimising risks.
- Deploy company managed multifactor authentication (MFA) and single sign on (SSO), ensuring your company administrators can comply with your company policies.
Now in 2021, add the complexity of IoT devices in BYOD environments:
Clearly both risks and threats are rising from the increased prevalence of devices utilising internet of things (IoT) protocols.
When IoT is coupled with BYOD as a company consideration, you start to see why effort in this area from your executive in regards to policies and procedures, and your IT resources in keeping your BYOD environments secure, continues to increase as an overall cost for most mid-tier companies.
Continued effort is required from your skilled resources on an ongoing basis to mitigate risk by as more and more employees come to work, access company networks, or connect to company devices via IoT enabled devices.