Article Creating a Bring Your Own Device (BYOD) Policy
By Insight Editor / 5 Feb 2019 / Topics: Modern workplace Devices
Your employees are begging for it and your IT team is panicking.
Your staff may have already started trying to sync their personal devices to your network.
Whatever the case, establishing a bring-your-own-device (BYOD) policy for the workplace is essential to remaining current, creating true collaboration, keeping company data safe, and overcoming the chained-to-the-desk workplace mentality.
Recent studies from Tech Pro Research have found that 74% of organizations are already using, or are planning to establish, a BYOD program.
This trend is only increasing.
IT World Canada states that 82% of highly engaged employees work remotely whenever possible; giving them the freedom to continue to be engaged, but also establishing a healthy and productive work-life balance.
Starting from scratch and trying to ensure that you’ve covered all your bases can be both a
complicated and a lengthy process.
So, to help give you and your team a head start, we’ve compiled a handy checklist with a thorough 5-step process that you can refer to throughout your journey to establishing your BYOD policy.
Step 1: Assemble a Team
Before you decide on anything, you need to include representatives from all of your major departments. Be sure to also include end-users and not just department heads, so that
you can hear input from everyone regarding what they want, what they need, and what won’t work.
Strategically including team members from multiple departments and with different technical backgrounds at this stage will promote an atmosphere that’ll encourage a more
universal employee buy-in to the program.
Hold Discussion Sessions
The first discussion session will be to outline not only how creating a BYOD policy will help reach specific business goals and objectives, but also to clearly establish the roles of your team representatives throughout the planning and implementation process. They will have to:
- Lead departmental discussion sessions.
- Speak for their entire department in order to represent the information collected.
- Conduct departmental reviews:
- This includes listing all processes, software, hardware, and systems they need in order to conduct their daily work.
- If you’re open to considering multiple devices or platforms, take this chance to survey your employees on their devices of choice. Apple, Windows, or Android? Laptop or Tablet?
- Find out if your employees are already using personal devices — asking openly (and potentially anonymously) is your best bet to get accurate information. Guessing isn’t your best
course of action here.
Step 2: Develop a Draft of Your BYOD Policy
The second discussion will be to collect all presented information into a collective company-wide map of software, apps and systems used throughout your employees’ daily work. Multiple sessions may be necessary as you discuss your policy, but ideally it should take two sessions to nail down what’s required and outline an acceptable policy.
Rely on your in-house IT team to address any usage issues raised by departments, and the feasibility of making certain applications accessible from a personal device.
At this point, it would be valuable to select a Mobile Device Management (MDM) software, if you haven’t already. Through this system, you’ll easily be able to:
- Establish profiles
- Configure devices
- Enforce password policies
- Perform remote operations such as wiping the device, locking the device, or accessing software or hardware components
- Deploy management settings
- Restrict information access (rights management)
Our security-centric MDM Software suggestions include:
- Microsoft EMS (Azure AD Premium, Microsoft Intune and Azure Rights Management)
- Cisco Meraki MDM
- Symantec Endpoint Protection Mobile
- Trend Micro Mobile Security
- IBM Endpoint Manager for Mobile Devices “Tivoli”
Research All the Legal and IT considerations Around BYOD
Create sections that clearly outline:
All of the devices that will be supported by the policy
- This is to include their operating system version and update number, as well as payment policy on these devices.
- Is the employee being reimbursed for the entire device, or just a portion? This section should clearly define how any reimbursement program might work.
- How will the employee set up these devices for business use?
Acceptable use related to personal devices
- That includes definitions on personal use and company time while establishing policies surrounding usage that is deemed appropriate or inappropriate, complete with examples.
- This section should also include a list of restricted and accepted applications which ensures clear instructions surrounding popular apps such as Facebook, games, productivity apps, etc.
Note: most MDM solutions have the ability to customize access rights to both personal and company apps with the ability to ‘selectively wipe’ ONLY company apps if the need arises. The personal apps are retained, untouched, on the device in this scenario.
User profiles
- Include an outline of exactly which company owned resources will be available to employees of different access levels — and explain why certain key functions have been locked.
- An explanation to employees on how your MDM software works with profiles and establishing limitation could also be useful here.
Rules on device and network passwords
- Clearly communicating when a device lock is required, as well as potential secure sign-on credentials and password resets that may include multi-factor authentication.
Outlining the device wipe policy to clearly define:
- When/if a device will be wiped
- Which data is wiped
- How IT will assist in showing employees how to properly backup their data
Your management and IT department need to clearly lay-out employee responsibilities so that each user understands what they are agreeing to by using their personal device for company purposes. This section should include:
- Plan payments
- Data restrictions
- Agreement to follow the above rules as laid out in the policy
Step 3: Present Your BYOD Policy to Decision-Makers
Be sure that you’ve covered all your bases, including objectives, approved devices, application/information access, security, directory access/connection, and if you’ll have a virtual desktop established.
Put this together in one comprehensive document that can easily be referred to by both decision makers and employees who will be involved in the program.
Include ROI projections that may persuade the lingering BYOD naysayers to give it a chance.
Step 4: Thoroughly Test Your BYOD Policy
Consider deploying the first round as a pilot program so that you can get a feel for employees reactions to the new program.
- Include executives, mid-level, and entry-level employees from each department to get an overview of uses, dislikes, and any problems that they encounter that may be specific to their job function.
- Be sure to choose people you know will give you honest and candid feedback so that it’s not a wasted trial.
Step 5: Deploy Your BYOD Policy
Clear communication is integral to entice employee buy-in to the program. Rolling out anything new, especially something with the immediate implications to each individual in your company,
requires training. Clearly establish the program’s objectives, limitations, and devices accepted is crucial.
Follow-up once it’s implemented to ensure that your initial goals and objectives are being met, as well as to follow up with employees and ensure that it’s useful.
Applications and software are constantly providing updates in order to offer better quality services and interactivity, therefore, you have to ensure that your IT department is testing and installing these updates frequently.
Continuously search out potential threats and policies to prevent data loss.
The security of your network is only as secure as the applications that your employees are accessing. Keeping an eye on potential backdoors ensures that you’re ahead of the hackers.
Are You Looking To Easily and Securely Manage Your Mobile Devices?
Managing a complex network of end user devices can be challenging for any IT department. To combat that challenge, you may need the help of a managed services provider.
