Lots of employees are bringing their own personal electronic devices, such as smart phones, tablets and laptops and utilizing these devices for work.
If this is happening with your employees, then you have some BYOD issues to grapple with.
The advantage of employees bringing their own devices is that they are able to work from lots of places and at all hours. Employees can check email and deal with problems or avert them, they can set up meetings and they can log into your business database to access needed information offsite and off the clock, so to speak. The disadvantage is that there may be security, confidentiality and ownership matters to consider.
If you haven’t already developed a BYOD policy, the horse is out of the barn: it’s time to solidify your BYOD policies and be sure to publish them for your employees, and require that all current and future employees sign off on your BYOD policies. In addition, you need to include aspects of BYOD in current and future employee training
Your BYOD policies should address the following issues:
- Who is allowed to have access to company email through portable devices? Perhaps only a certain level of employees really needs to have remote access to the business email system. If everybody does have access, maybe certain components of the email system are not accessible remotely, like every client’s email. This decision requires coordination between the leadership of the company, the IT department, human resources and the on-the-ground people who are sending email the most (administrative assistants, customer service personnel and shipping professionals to name a few).
- What actions should not be taken on mobile devices? A decision at the corporate level should be made as to what actions should not be discussed or documents stored on devices that leave the corporate headquarters. Sensitive negotiations, personnel files, information that contain credit card numbers, even private email addresses should be safeguarded. In addition, employees must be mindful and compliant with any laws regulating the industry, like HIPAA.
- Password protection of devices. Every employee who uses a portable device for work should be sure that there are passwords installed prior to accessing company emails and other functions.
- Establish a policy regarding backing up of documents created on mobile devices. This policy should clearly state who owns the data that is created and how often and in what manner the documents should be backed up.
- Unblurring the line between personal data and company data. The employee should be aware that email on their phone will be backed up, but not necessarily their fitness regimen or their playlist. Employees should not assume that personal data is included in company backup plans.
- Privacy concerns. Employees need a very clear understanding as to what their privacy level will be on devices that are used for company business.
- Registration of devices. If devices are to be used for work, there should be a registry of such devices kept at the corporate level.
- Lost or stolen devices. Employees should have a protocol to follow if they incur a loss of their device, so the data can be retrieved. This protocol should include immediate notification that the device has been lost or stolen.
- What happens to devices if an employee resigns or is terminated? Again, this decision needs to be discussed by many stakeholders and then spelled out in your BYOD policy.