Create a BYOD policy that fits your business


At some point during the growth of a company, it becomes important to implement policies on how staff use their devices to store and communicate corporate information.

To protect and control enterprise data, businesses should create a bring-your-own-device (BYOD) policy while the number and diversity of devices are still relatively small.

Consider following these five guidelines to create your BYOD policy:

1. Establish boundaries around choice of devices

Businesses should decide whether employees can use their own devices for both personal and company purposes, or whether the company will supply devices to employees and determine whether those units can be used for purposes beyond company business.

Both policies have their advantages and drawbacks in terms of expense and flexibility. Make certain to explore best practices with regard to company security and employee satisfaction.

2. Define policies regarding insecure Wi-Fi

Free and public Wi-Fi access can be helpful, but it is inherently insecure.

Make certain your policies clearly identify what can and cannot be done while connected to Wi-Fi hot spots. If you want to allow their use, understand and implement secure connection systems like VPN connections to protect data as it moves across unsecured networks.

As an alternative, specify which Wi-Fi locations and providers can and cannot be used as part of your policy.

3. Develop loss, theft, and exit policies

Portable devices are portals into your company’s business. Determine how IT will handle lost or stolen devices, including its ability to lock the units down remotely and, optionally, to wipe them and reset them to factory defaults.

Company-provided units don’t have issues with remote wiping, but resetting employee-owned devices can result in personal data being permanently deleted. Also define what happens to equipment and data when employees leave the company, including whether some or all of the data on the units they used will be removed.

4. Make sure your policies are legal

Get legal opinions on your policy decisions to ensure the actions you intend to take are legal and not subject to dispute after they have been performed. Have employees sign an acknowledgment of the policies and confirm they understand the implications.

5. Include all levels of staff

Don’t forget to include executives in BYOD policies. Top-level staff usually have access to the company’s most sensitive information and there’s greater risk when their devices are stolen or their connections intercepted.

Executives are often early adopters and may have the most up-to-date equipment, which may not be covered by your current protection technologies. Make certain they understand their responsibilities and the risks their devices may pose.

Get started with developing your policy and have it reviewed by management. Ensure that your IT infrastructure can support any security measures you deem necessary, and implement them by creating awareness and providing training. Then, have every staff member acknowledge their understanding by signing the document.

Need more help? Mobility services from AT&T can help you manage all aspects of BYOD policies for your company.

Asmara Hadi, Associate Director of Marketing, AT&T