In 2014, United States mobile data traffic exceeded 530 petabytes per month, the equivalent of 133 million DVDs each month or 1.4 billion text messages each second. “Smart” mobile devices (smart phones, tablets, smart technology wearables, etc.) provide instant access to information, and for many, serve as a bridge between their personal and professional lives.
There is no denying that personal technology has invaded the business world. Millions of American workers are setting up office where and when they can connect to the internet. And, with access to an ever-growing range of devices, workers are not limiting themselves to hardware supplied by their employers. In response, organizations are increasingly supporting the “Bring Your Own Device” (BYOD) trend. By 2016, 38% of companies are expected to have implemented BYOD programs; that estimate rises to 50% by 2017. But before adopting a BYOD policy, a company should first understand its benefits and the associated risks.
The statistics supporting BYOD speak for themselves. Some 19% of firms believe BYOD improves employee satisfaction, and another 17% feel BYOD will improve productivity now and in the future. Nearly one-half of IT managers strongly agree that BYOD has a positive impact on worker output and 59% of IT decision makers believe their company would be at a competitive disadvantage if they did not embrace BYOD.
Aside from the numbers, the benefits of BYOD are numerous. BYOD lets employees use devices with which they are already familiar, allowing them to handle work-related tasks with greater ease and efficiency. By permitting employees to use their own devices, employees can work whenever and wherever they are needed, which allows for faster communication and constant collaboration. And often most attractive to employers, it can save the company costs associated with providing and maintaining the devices. Approximately 56% of IT decision makers believe that BYOD has completely changed their company’s culture.
While BYOD may boost worker satisfaction, increase productivity, and decrease spending, it is not without its dangers. The “at your fingertips convenience” of BYOD presents various corporate, security, and privacy issues for the employer and employee. Mobile employees, especially those working primarily from home or outside the office, are not “immersed” in the company culture as are employees working in the office. One way to combat this is to have regularly scheduled face-to-face meetings to help reinforce company values. Other issues may include having to upgrade company infrastructure to support all devices, dealing with unnecessary distractions in the workplace, and additional costs for securing the company network and the protection of company data.
The security issues associated with BYOD are paramount concerns: 75% of mobile applications will fail security tests in 2015. Mobile apps generally focus on convenience and usability, not security. Employers must always remain cognizant of this. Further, network capacity may be hampered as employees use both company and personal devices on the same network, raising load and collapse risks. Mobility, with its cutting-edge advantages, may also cut employers, as it exposes the company to intruders seeking to gain entrance into the system, hackers, corporate thieves, employee error or carelessness, inappropriate employee behavior, etc. Companies need to consider mobile device management, endpoint security solutions, password protection, encryption, remote wipe capabilities, and mobile penetration testing to combat these threats.
Careful thought should be given to employees using mobile devices in international markets. The Federal Bureau of Investigation recommends the following security measures be considered to lessen the chances of “electronic eavesdropping”:
– Avoid alien Wi-Fi networks;
– Clear internet browsers after each use;
– Only log into your company’s network via company computers; and
– Change all passwords upon returning from business abroad.
Implement a BYOD Policy
Another powerful tool in an employer’s arsenal is a well-crafted BYOD policy. At a minimum, the policy should address the primary concerns of how to deal with an employee’s device becoming compromised or lost and what action is taken with respect to a device when an employee leaves the company. Indeed, a company should consider aligning access to employee devices based on the employee’s job duties and the corresponding need for company access. Those employees with less need for mobile connectivity receive less access.
A comprehensive BYOD policy should address acceptable uses of mobile devices on company time. Indeed, specify what mobile functions are allowed. If your company has intensive trade secrets in how it manufactures a product, require camera and video capabilities be disabled while on-site. Employers may also define what apps are acceptable for company business and prohibit others. Employers should specify what company resources may or may not be accessed by mobile devices, such as prohibiting access to company documents, contacts, etc. Employers also have the luxury of defining what devices they will and will not support and requiring employees to present the devices to IT for inspection and configuration before allowing the devices to have access to company assets. Company security protocols, such as device lock and password strength, should also be clearly delineated in the policy.
Another drastic, but sometimes necessary, precaution is to remotely wipe an employee’s device. If a company wishes to employ this as a security measure, it is advisable to inform the employee of this in writing. In fact, have the employee sign at that particular point of the policy acknowledging that a wipe of his device may be necessary if certain events occur with respect to the employee’s mobile device.
Given the uncertainty of mobile security, employers may also want to consider cyber insurance. A 2014 survey of United States companies reports that 55% plan to buy cyber insurance in 2015. This is double the 2013 figure. These policies help cover a range of events, including extortion, privacy liability, breach mitigation costs, consumer redress, electronic vandalism, and errors and omissions.
Once a company decides to allow mobile device usage for company purposes, it must take steps to ensure appropriate security measures and a BYOD employee policy are put in place. The policy should reflect that the risks and benefits of mobile employees intertwine: keeping up with technology, cyber security, employee satisfaction, and preserving corporate culture. Once the policy has been crafted, be sure to communicate it to employees so that they understand the policy’s purpose and their responsibilities pursuant to the policy. By understanding the risks and putting the right solutions in place, a business can balance the productivity gains that result from a BYOD program, while reducing the chance of data loss or breach—resulting in both a satisfied workforce and a BYOD policy that keeps up with the ever-changing pace of technology.
Asheville Executive Information Technology Forum (AEITF) provides ongoing discussions on key technology issues facing local organizations and fosters the development of relationships essential to their members’ success. Doug spoke at the February 2015 meeting of AEITF.
Doug Lineberry is Special Counsel with McNair Law Firm, P.A., and focuses his practice on intellectual property representation.