BYOD doesn’t stand for Bring Your Own Disaster, though some IT workers would beg to differ.
Allowing employees to bring in and use their own personal devices (primarily smartphones, but also tablets and laptops) for work is increasingly popular, and employees and employers are discovering that BYOD isn’t exactly what they expected.
Meanwhile, some IT specialists nod, having predicted some of the problems, but would anyone listen? If your company has, or is considering a BYOD policy, here are seven potential disasters you need to consider.
” … and it only took one ream of paper to print out the entire BYOD policy!”
1. Risky Use of Cloud Apps
Businesses love the cloud, except when they don’t. Many companies blacklist certain cloud apps to keep a wall of separation between personal and business usage of devices. Some of the most reviled consumer cloud apps are things like Dropbox. While spectacularly convenient for workers (a quick photo of a PowerPoint slide replaces much frenzied note-taking), it’s all too easy for corporate data to end up in a consumer cloud app. Blacklists have to be somehow monitored, enforced, and updated frequently as new apps are developed.
2. Reluctance to Report Missing Phones
When an employee BYOD item disappears, a full remote wipe takes care of things, deleting critical data quickly and thoroughly. Easy-peasy-lemon-squeezy, right? Bzzt! Wrong. You can probably easily think people who are always misplacing phones. Maybe you’re one of them. The problem is, people want to make sure their devices are really, really lost before reporting them. Your BYOD policy has to be clear about reporting missing devices immediately, not a week later when someone has finally given up finding it and it could have passed through multiple “finders.”
3. Compliance Problems With Federal Regulations
A June 2013 survey found that 35% of IT leaders and 25% of IT professionals overall lack confidence in their BYOD policy’s ability to comply with data handling laws like HIPAA, Dodd-Frank, and Sarbanes-Oxley. If your organization falls under these regulations, your BYOD policy has to be up to scratch. Consequences for falling out of compliance with federal regulations can be painful. Your organization could face fines, criminal penalties, and probation periods spent under the watchful oversight of the relevant federal agencies.
“Subject is opening a pack of gum. It appears to be spearmint.”
4. Overtime Pay Issues
BYOD can increase employee productivity. However, you have to be careful about the blurring of the lines between work time and personal time, particularly with employees who are paid hourly. Back in 2010, a Chicago police officer in the Organized Crime division sued because he was expected to respond to off-duty calls and emails on his PD-issued Blackberry when he was off the clock. The officer alleges that, as a nonexempt employee, he should have received overtime pay under the Fair Labor Standards Act for handling the calls while off-duty. It ended up being certified as a class action lawsuit and is still in litigation.
5. Expense Report-Palooza
Organizations don’t always see the big cost savings they expect from BYOD. When employees submit expense reports for their smartphone used for work, they can be tempted to expense everything they can. Even when BYOD policies clearly state otherwise, employees may try to upgrade phones, accrue huge international calling charges, or get reimbursed for hefty termination fees hoping Finance won’t notice. Stipend caps can help, but face it: people are going to put in for the maximum reimbursement they can get.
6. Eroded Trust Between Employees and Employer
BYOD sounds like something that would build trust between employees and their employer, but that’s not always the case. Some BYOD policies are strict enough that employees may think they’re giving up too much in terms of privacy to make participating worthwhile. Eroded trust can result in lower employee morale, which can eventually escalate into serious workplace conflicts, and even litigation claiming privacy rights violations.
7. Overtly Malicious Acts by Disgruntled Employees
There will always be a few people who choose to take company-confidential information with them when they leave for a new job. While disallowing BYOD won’t stop this, companies with BYOD policies give employees another easy way to get away with unethical practices like stealing company information. By sending information in text messages, unethical employees make it hard to track data leaking out of one company and into another. Since text messages appear only on the phones and not on the corporate network, this type of information theft is hard to track.
If your company has a solid, yes-we-thought-of-everything BYOD policy and sound IT asset management backed by great software like Samanage, it will have a much easier time keeping track of employee-owned devices that connect to the corporate network. Go into BYOD with a plan and strong policies, and you can avoid a lot of the problems that lax BYOD programs court.