How to Architect a Smart BYOD Policy for SMBs

Adopting mobile technology into the workplace is a challenge, especially for small to medium-sized businesses with tight budgets. There are a good many aspects, such as security, device management, and app development that can make mobility difficult to implement and manage.

One of the tougher strategies to develop is how to deal with allowing employees to use their own devices for business use. Downloading company apps onto personal devices brings a lot of privacy and security vulnerabilities along with it. In this article we’ll discuss how to build a smart BYOD (bring your own device) policy for your SMB.

Smart BYOD Policies for SMBs

There are a lot of BYOD uses, like company e-mail, and using personal computers with familiar operating systems and software in contrast to company computers that are unfamiliar. Most employees desire productivity and can get their work done much more effectively using equipment they are used to.

For companies, there are not any cost-saving differences in BYOD vs. company-issued equipment. Saving money is the wrong reason to adopt a BYOD policy at your company. In fact, many companies discover the cost of managing a BYOD environment minimally increased costs.

BYOD is about productivity and efficiency. A lot of SMB’s own computer equipment is outdated, using previous versions of operating systems consumers have long-since forgotten about. Forcing someone to switch from a Windows 8 mindset back to XP for work naturally slows down their ability to complete tasks. The same goes with mobile devices. Forcing someone to work with a device they don’t use all the time, day and night, isn’t nearly as productive as the BYOD alternative.

What to Include in a BYOD Policy

When creating a BYOD policy for your SMB, all aspects of the business should be considered. There needs to be clear guidelines of what is and what is not acceptable use of personal devices for company business.

Access Policy

What company data needs secured from all other information? Not all company data needs to be visible to employees’ devices. Having a strict access policy informs employees of the approved systems to be accessed and edited from their devices. Locking the private, sensitive information from their access will give you an extra line of defense against data breaches from these devices as well.

Liabilities Policy

Companies shouldn’t require BYOD; if an employee needs equipment the company should provide it. But for employees who do bring their own devices doesn’t mean the company assumes liability of that device.

If an employee loses a personal device on a business trip, or while working, they may feel as though the company should replace the equipment. If your company wants to accept that responsibility, it’s perfectly fine. But these liabilities should be spelled out in the BYOD policy so employees know where their responsibilities end and the company’s begin.

Also, if your IT department must retain “remote wipe” authority to safeguard critical company data from intrusion or theft, employees need to know the purposes and times it will be used. They should agree to give the company that authority over their device.

Mobile Device Management Policy (MDM)

For companies who require their business apps to work in offline mode, company data will have to be downloaded and stored on the device. In this case, devices with company apps on them should be required to have password protection. They also should have encryption software installed.

Offline capability is not a requirement for the vast majority of businesses. In this case, cloud and/or online apps make more sense and solve the major problem of mobile device management. With cloud or online apps, user access can be managed without having any kind of authority over the device.

If an employee loses their device, if their device is stolen, or even if the employee goes rogue and decides to damage or steal company data, their access can be blocked from the application level. You can read more about user access  and app management on the appsFreedom platform, and MDM here.

Having an Effective BYOD Policy

While many companies are adopting BYOD for the obvious benefits, the end result is just as many issues for IT as with traditional company equipment. Every company that allows employees to bring their own device needs an easy to understand BYOD policy. This will save them from confusion on responsibilities and liabilities; it will also save the company the heartache of dealing with BYOD problems and issues.

A BYOD policy is only one portion of a much larger mobility strategy for your company. It’s not the end-all document that solves all problems. If you’re building a mobile strategy for your company, you’ll want to download our eBook on solving for mobility by department.