The jury is in, and they have a verdict: whether you like it or not, BYOD is here and here to stay. Now that the ruling is out of the way, it’s time to set up solid policies to ensure that the influx of devices occurs in a manageable fashion and all necessary security policies are in place. Here is your checklist for implementing solid BYOD policies.
1. Consider Your Bandwidth Limitations
Before you worry about compatibility issues and security threats, the practical need for adequate bandwidth has to be addressed. All of the new devices will mean more strain on the system, and if it isn’t handled, you’ll experience terribly slow connectivity and lots of user complaints. Speak to your Internet service provider about the connectivity and equipment you need to invest in to ensure fast service.
2. Decide What Devices and Apps are Allowed
What devices and apps will be allowed or prohibited? If particular apps are prohibited, does that mean users can’t install them, or just can’t use them for company business? Discuss with IT what devices, operating systems, and apps are compatible with current systems. Also, determine what apps will be required, which the company will provide or reimburse the user for, and what apps are specifically banned.
IT may wish to ban apps known for security problems (such as certain gaming apps) or might not be able to support certain devices with applications developed in-house (such as a Windows-based app that isn’t compatible with BlackBerry or iPhone). Cloud-based apps are an ideal option for offering compatibility among devices without having to develop new apps or modify apps in-house. The cloud is also an excellent option for backing up data on users’ devices.
3. Specify Ownership of Data and Apps
Smartphone users download and use an average of about 30 apps. You can expect about the same number on users’ tablets. If the apps are used for business, does the company own them, or does the user? Most IT departments require a means to monitor, back up, and wipe data and apps in order to comply with industry regulations and to protect their customers’ privacy and their own intellectual property.
An important note here is the need to plan for all possible scenarios. What will happen when a user’s device is lost or stolen? What happens if data from a user’s device is needed for litigation? What rights does IT have to search and monitor the users’ devices? What are the procedures if IT finds NSFW content on the device? Good planning at the start ensures your company is covered for issues that arise in the future.
4. Determine if Any Company Reimbursement Will be Offered
Is the user responsible for all costs for the device? For example, if a worker travels outside the coverage area specifically for business, are they entitled to reimbursement for roaming charges or data use above and beyond their plan? What if the device is broken while the worker is doing something for the company? If IT accidentally wipes the user’s photos of their kid’s birthday party, is the company liable? This stuff happens, so be sure there is a plan in place to address these mishaps. Check labor laws, which often regulate particular situations where workers are entitled to compensation for employer expenses.
5. Establish Security Policies and Procedures for Users
Protecting devices with mandatory passwords and strong authentication procedures is essential for network security. How will you ensure that user devices are protected by passwords, and what will the minimum requirements for a strong password be? What is the protocol for users to follow when a device gets lost or stolen? How long does a user have to report the issue?
Security policies should also state the requirements for using public or other unsecured Wi-Fi. Determine if users are allowed to log on to public Wi-Fi, use their own hotspots in public, or log into the system via their home Internet connection.
6. Demand Consequences for Failure to Comply With Policies
All of these rules, of course, are meaningless if there is no way to enforce policies. What will happen if a user doesn’t follow the rules? How will you know if they don’t? Be aware that remote workers, managers, and executives sometimes like to think the rules don’t apply to them. What happens if a manager gets caught disregarding policy? Make sure rules are fair and consistent.
7. Create a Workable Exit Plan for Workers Using Networked Devices
In a perfect world, employees give two weeks’ notice, submit to an exit interview, and deliver their device to IT so it can back up and wipe all the data. In the real world, users pass away suddenly, get fired, or simply fail to show up for work anymore. Plan for all eventualities by empowering IT with the means to collect valuable company data and wipe the device remotely.
8. Define What Training and Support Will be Provided
Your help desk also needs to be informed about what support and training they are expected to give users. Are they responsible for teaching users how to use their new Android? Do they have to deal with problems like apps that won’t work? Decide what the company will offer in terms of training and support.
When you’ve completed this checklist, you can be assured that your new BYOD policy is well on its way to success.