8 Steps for Effective BYOD Policy Development
Successfully implementing bring your own device (BYOD) policies and avoiding common pitfalls starts with good planning.
You need to have a written policy that delineates the responsibilities of the employer and employees. Make sure that all parties read, understand, and sign the policy.
Here are our top 8 tips to follow when developing a BYOD policy.
1. Setup a BYOD policy team
Build a team with broad representation from the various departments within your office, especially finance, legal, and IT. This will ensure that all viewpoints, needs, and limitations are factored into your final BYOD policy. You might find that a one-size-fits-all approach won’t work at your office, but it’s better to figure this out upfront than after implementation.
2. Decide upfront how your company will support employees in the setup process and when problems arise.
For example, it might be a good idea to run training sessions so that everyone is able to effectively connect to your company’s network data. Also, you should have a plan for managing broken or malfunctioning devices. Will IT take care of them, or are employees on their own? In the latter case, you might need to outline some common self-serve solutions for malfunctioning devices. If employees choose to send their broken device to a third-party repair service, you’ll need to ensure that data is either removed or properly protected first.
3. Decide who owns apps and data.
In the case of a security breach, it may be necessary to wipe a device clean of all data. This could become a problem if there is irreplaceable personal data on the device. Be sure to educate employees on how to backup and secure their personal data, but establish the right to wipe devices if necessary in your BYOD policy.
4. Tie your BYOD policy to your acceptable use policy
You acceptable use policy will establish the ground rules for accessing websites such as social media on network-connected devices. Blocking social media outright is usually not the best option, because it can be used to forge valuable business connections. Outlining acceptable use protocols is a more balanced approach.
5. Setup an employee exit strategy
Have plan for recovering all sensitive corporate data from devices when an employee leaves. This needs to be stated upfront in your BYOD policy to avoid legal complications with employees who do not want to surrender their device for data removal. Be sure to have a mechanism for safeguarding personal data – whenever possible – during the data wiping process.
6. Be flexible
Technology changes. You should build a review process into your BYOD policy to ensure that you’re always maximizing the value of mobile devices while minimizing the security risks.
7. Build on what others have done
There are a lot of public BYOD policy templates out there. There’s no one-size-fits-all solution to BYOD – your policy will be shaped by your corporate policies and objectives – but here are some examples to get your started with your BYOD policy development.
- White House BYOD Toolkit for federal agencies
- A generic BYOD policy template from IT Manager
- BYOD polices for school systems from Capital Area Intermediate Unit
- A downloadable BYOD policy template from Tech Pro Research
- A very comprehensive mobile device acceptable use and security policy from wisegate.
8. Finally, don’t forget about security
Check out our blog post on addressing BYOD security concerns for more information.
BYOD with BullsEye
BullsEye UC is our office phone solution that lets users take calls, check voicemail, send instant messages, and manage call features through a VoIP connection from ANY device. Visit our website or download the BullsEye UC Overview to learn how we can support your company’s BYOD policies and mobilize your office.