The Hidden Costs of a BYOD Strategy

Tech Insights for Professionals

Tech Insights for ProfessionalsThe latest thought leadership for IT pros

Tuesday, November 26, 2019

Bring Your Own Device (BYOD) is the act of allowing employees to bring and use their own phone, laptop or tablet to carry out their work.

Article

The practice, which has seen many businesses cut hardware and service costs is widespread, with 59% of businesses using or planning to implement BYOD policies.  

Affording your employees the opportunity to use their own device with the operating system they are most comfortable with and use personally and socially can make them more productive and increase the quality of their work.

However, while business owners might revel in the perceived cost savings that BYOD presents, as case studies outlined within this article will demonstrate, there are hidden costs; both financially and non-financially.

What is a BYOD strategy?

While there are obviously key aspects of BYOD that makes it risky for businesses, there are also key benefits as well. Employees work better on - and tend to prefer - their own devices, with BYOD increasing productivity by 34%. If you want to experience the benefits of BYOD without the risks, it would be a good idea to implement a BYOD strategy.

This doesn’t need to be particularly complicated; it can be as simple as a few policies outlining what employees can and can’t do with their devices. Once you have these in writing, you’ll find it a lot easier to navigate any negatives to prevent them from becoming too much of a problem.

For example, focusing on providing your team with the apps and data they need to do their jobs, and not worrying about which devices they use could make a big difference. This is the approach taken by Carol Fawcett, CIO of Dell's Software Group, who found this helped her to better manage her BYOD security and prevent data breaches.

Even small changes like this can make a big difference to your company. Your employees are probably using their own devices already, even if they’re just accessing company emails on their smartphones during their commute. Implementing a BYOD strategy gives you more control over this and allows for improved security and convenience.

What makes a BYOD strategy successful?

The number one thing you need to consider when it comes to a BYOD strategy is the balance between giving employees freedom with their devices and controlling how they use them. Dr Joel Snyder, an IT consultant with 30 years’ experience, has found this can really damage a BYOD strategy before it’s even off the ground.

You need to make sure your employees have safety and security in mind when using their devices. Password managers can be utilized to lock accounts unless biometric data like a fingerprint is available, so your company can be protected without inconveniencing your staff too much.

Professor Dror Fixler, CEO and co-founder of cybersecurity firm FirstPoint, recommends focusing on security at a network level rather than installing protective software on every device. While the latter is still useful, the former can provide the same level of security at less of a cost to your business, making it more practical.

Around 20% of BYOD policies fail and being too restrictive could be a significant contributor. Rather than focusing on what your employees aren’t allowed to do with their devices, it might be better to look at your exit policy instead. Have practices in place to wipe employee’s devices after they leave the company, and remove accounts from their personal devices. This effectively closes one of the biggest security issues with BYOD.

Data complications with BYOD

One of the most important considerations to take into account with BYOD is the security and protection of sensitive company information. If workers are using their devices for both personal and company use, they need to take the proper measures to protect their devices from malware and viruses, and have clear training to ensure that company data is protected. This of course will cost the company time, not to mention the additional support required from IT departments to secure information.

A further consideration is the backing up and deleting of data. For example, should an employee leave the company, there needs to be a reliable system in place for remotely wiping sensitive data, and of retaining any important information the employee may have on their device such as client information. There are measures that can be taken to remotely track information like Teamviewer and Chrome Remote Access, but businesses need to ensure that they obtain permission from employees before remotely accessing their devices, particularly when deleting content.

Smartphones and tablets should be just as secure as laptops and desktops. Certain security measures should be put in place before allowing BYOD access to your company network, such as remotely accessible pass codes, mobile data encryption software and remote management tools that can allow you to wipe or lock a lost or stolen device.

BYOD isn't as cost effective as you might think

While businesses may bypass hardware costs by embracing BYOD, they are also side-stepping scalable volume-discount opportunities, and are likely to be absorbing the majority of a monthly voice and data plan through expenses. This can often cost considerably more than the device or the plans they could obtain as a business by buying larger pools of data and minutes. Businesses also ought to consider their obligation to contribute towards insurance and other similar expenses related to that device.

Businesses should also be aware of the additional cost when it comes to installing work-related software and security systems designed to protect company-sensitive information. These BYOD security installs and ongoing maintenance need to work across the multiple devices, platforms and operating systems chosen by members of staff. Your IT department will have to account for additional time learning and implementing required security measures across a plethora of devices, as opposed to having one preferred piece of tech and a system that would require less time and re-education for your team to familiarize with.

The legal implications of BYOD

It’s important that when drafting your BYOD policy, you take into consideration that the line between personal and work use of a device can be a gray area. Your policy needs to be clear and concise on matters of privacy so that your employees can fully understand and give permission for you to remotely and automatically install security and other company software and updates on their devices. Furthermore, you need to be clear on how you plan to handle data and information in the event an employee leaving.

You must also consider the likelihood of employees downloading commercial applications that are outside of your company’s control. Your policy should address the use and storage of company data in apps like Dropbox to either prevent their use, or ensure that you have access to all work-based data. Paul Hill, senior consultant at System Experts, provider of compliance and security consulting services, suggests that when writing your company policy, you spell out the stipulation in exact language such as

employees should not store any company data on cloud-based storage services unless explicitly authorized in writing by a manager. It’s important to keep on top of and enforce your policies to best protect yourself and your employees in legal terms.

 

The growing trend of BYOD can be more convenient and often effective for your staff, however there are a number of costs and considerations associated with a BYOD policy that need to be carefully considered before being implemented. Take the time to decide whether it may be more cost effective to provide company devices or to allow BYOD, and if you do go with a BYOD policy, be sure to consider all angles before putting it in place.

Comments

Join the conversation...

Back To The Top!