“BYOD” stands for “bring your own device,” the practice of allowing employees and contractors to use personal devices, such as laptops, smartphones, home computers and tablets, to conduct the organization’s business. The May 2012 Juniper survey shows that nearly nine out of ten business users, often referred to as “prosumers”, say they use their personal mobile device to access critical work information. This trend demonstrates a blurring of personal and professional technologies and creates significant concerns for management because it raises the question of liability. Many employees circumvent their employers’ official mobile device policies in the practice of BYOD, and the practice also leads to more frequent security breaches due to lost or stolen personal devices.
For these reasons and others, a thoughtfully drafted BYOD policy should:
- Address ownership and control of business data,
- Privacy expectations for personal data
- Security requirements
- Procedures for lost and stolen devices
- Exit procedures
- Consequences for violations of the policy.
Is a “NO BYOD” policy the answer? Perhaps, but consider that according to the same survey, 41% of over 4,000 mobile device users admitted to using their personal device for business purposes without company support, so having a policy addressing this issue is critical for reducing your business’ liability.