Whether you realize it or not, your company already has a BYOD policy. BYOD or “Bring Your Own Device,” refers to the growing practice of employees using their own personal smartphones, tablets, and laptops to do their work.
According to a recent study, more than 90 percent of employees use their own smartphones on the job. Many of those users are doing so without the knowledge or approval of their employers. In fact, one survey revealed that 30 percent of employees who use their own devices for work do so in direct violation of the wishes of their employers.
All this means that the likelihood that BYOD is already happening in your company is very high. And if you don’t have any stated policy to control these practices, you really have a policy of “anything goes” with respect to employees using their own devices for company business.
Failure to regulate employees’ inevitable use of personal devices on the job subjects an organization to a number of potentially dangerous exposures. For example, when employees access company data from their personal smartphones or laptops, the information that may pass through or be stored on those devices is much less secure than when it is confined inside company owned systems. Yet, surveys show that left to themselves, employees pay little attention to maintaining the security of information resident on their devices.
In addition to data security issues, companies with no stated BYOD policy may find themselves exposed to unexpected legal liabilities. These may include issues such as failure to meet privacy and data retention requirements, or violation of labor laws, which often occurs when non-exempt employees are not paid overtime for work-related tasks (such as reading and answering emails on their smartphones) they perform outside normal business hours.
Developing a written BYOD policy forces a company to think through such issues, and allows them to put in place procedures that may not only mitigate some of the exposures BYOD inherently involves, but which may also insulate the organization from charges that it failed to perform due diligence in regulating the activities of employees who use their personal devices on the job.
If you’d like to discuss how to formulate a sound BYOD policy, contact us.