Allowing employees to bring their own device and use it at work is very popular due to the benefits of increased productivity and cost effectiveness. With BYOD, employees provide their own technology, which means their more likely to work on their own time.
If you own or run a business this may sound like a winning proposition; although there are risks with BYOD when an employee is fired or let go. You must inspect their iPhone or laptop to ensure it doesn’t contain company information and this may not always be possible.
Many businesses are embracing the BYOD trend, but the question of how to balance the risks of them taking and sharing your company’s data vs. the benefits of having a self-provisioned workforce are issues to be reconciled.
BYOD Layoffs: How Can You Minimize the Risks?
It’s a commonly known fact that some data will always remain with employees after they leave, such as email addresses and phone numbers of business contacts, or content regarding the organizations’ critical business practices and initiatives. Copying and moving information can be performed quickly with digital files.
Joshua Weiss, CEO of mobile application development firm TeliApp says:
“There’s no definitive way to get onto a [departing] employee’s personal devices and undo what’s been done, and if your workers have been using off-the-shelf solutions like Dropbox, it’s virtually impossible with some sort of exit interview.”
Rick Veague, the Chief Technology Officer of IFS Technologies of North America explained that you can sort structure-communications data into three categories: mobile data, emails and files containing company information. Once you’ve sorted out the data, you’ll be able to figure out the level of risk associated with letting go a specific employee.
“Mobile data is a big problem, so it’s time to start compartmentalizing risks. This way, you can find a balance between the benefits of a [BYOD] workforce and the risks,” Veague says.
Plan Ahead For Employee Departures
To minimize risks, you need to plan for employee departures. The following is an overview of the policies and practices you should consider implementing to make the departure run smoothly and minimize risk to your company.
Create a Written BYOD Policy
This sounds simple, however, it’s not as easy as you’d think. TeleApp’s Weiss said that it took his company almost three months to create their current policy. According to Weis, it started off as a paragraph, and turned into what seemed like a three-page demand letter.
Why did their current policy take such a long time to develop? TeleApp treated it like a software development project. After the first paragraph, Weiss and the management team began to compile different “what-if” scenarios, and integrate them into the policy. Weiss called this process “alpha testing.”
When they realized they hadn’t included everything that could go wrong, they further expanded the BYOD policy to include potential real-life situations. After these were addressed, the policy was complete.
When developing and implementing a BYOD policy you must define:
- The benefits of using BYOD against the disadvantages.
- Which applications will be allowed, and which will not.
- The acceptable business use for devices, and what won’t be tolerated on company time, such as harassing others.
- What company resources (email, calendars, etc.) may or may not be accessed on a personal device.
- The limits of “acceptable personal use” during company time, such as playing games, sending/receiving personal texts, or using social media (Facebook, Twitter, etc.).
- Reimbursement policies regarding the cost of devices and/or software, and mobile or roaming fees.
- Security requirements that must be met prior to connecting a personal device to the company network.
- Which devices are allowed to access the company’s IT network. Be specific—include the model, operating system, and version.
- When devices are presented to the IT team for critical configuration of employment-specific applications and accounts.
- The “what-ifs,” such as when a device is lost or stolen.
- The liabilities the employee must assume for physical maintenance of the device.
Many companies also implement confidentiality and non-disclosure agreements to ensure employees can’t walk away with company property or data, and use it for unacceptable purposes.
Monitor Your Data
Your IT team should set access or restrictions to data and files that are locally hosted via your company’s shared file servers, and they should monitor employee IT activities as well.
According to Weiss, TeliApp runs on the understanding that everything on the company’s server is property of the company, and users aren’t allowed to copy files to their computers. If someone does copy a file, the action will be recorded and remedied immediately. Weiss says that everyone begins to understand the policy after his or her first infraction.
Keep Data Off Local Devices
When you’re choosing applications and services, ensure that your data can’t be downloaded and saved to local devices. Restricting user access to central repositories and networks is one of the key ways to minimize risks associated with BYOD.
Use tools that sync all user data to a central account, and make sure an administrator controls access. Find ways to place intermediary technologies between employee devices and the company network; this will greatly reduce your IT team’s workload and add an extra layer of protection to the company’s networks.
It’s also a good idea to use tools that allow an administrator to remotely wipe or remove an account. This way, former employees can keep their device, but they won’t have access to their old accounts when using certain applications.
Use applications that reduce the amount of data that’s downloaded onto a mobile device, and follow this rule of thumb: “If you can’t access the app, you can’t access the data.” This will keep your data protected and safe as long as an administrator shuts off the individual user account when an employee leaves.
Regularly Perform Sweeps
In a self-provisioning workforce, not every worker will be as diligent about security measures, backups, and application updates as a dedicated IT professional would be. Make sure your IT team steps in regularly to perform security check-ups on any devices that are allowed to access company networks. Users will already know that their devices will be scanned and updated regularly due to security requirements in your BYOD policy.
Use The Cloud (SaaS) To Minimize BYOD Risks
A cloud-based service can minimize the risk of a BYOD workplace. Once employees are allowed to use their own mobile computers, they will want, and actually expect, that they can use them in all the same ways as the devices owned by the workplace.
By having your data stored on a cloud-based service you can control the access that personal devices have before, during, and after an employee leaves the workplace.
Use Caution When Hiring Employees
While this last step may be entirely out of the IT team’s control, it’s often the first and most important step to avoid employee problems. According to Weiss,
“You have to know who you’re hiring—it all comes down to that. If you don’t think a person’s trustworthy, regardless of what their credentials are, then don’t hire them.”
By following these steps, IT professionals can continue with their primary responsibilities, while the risks of letting employees bring their own devices to work are minimized. By following these suggestions, you’ll be perceived as employee-friendly and still be able to protect your business.