We’ll be at Compliance Week National 2024 in Washington, D.C., April 2-4. Learn more or schedule a time to meet with us at the show here.

#Article

Manage BYOD Risks with an Effective Mobile Device Policy


Manage BYOD Risks with an Effective Mobile Device Policy

Because smart phones are only as smart as their users

Posted by on

Yesterday I wrote about the not-so-smart things employees do with their smart phones and how today’s BYOD culture leaves employers open to risks associated with that behavior. While employers may be wary of the risks, there are many reasons to embrace the BYOD movement.

“The first thing that comes to mind is productivity,” says Sharlyn Lauby, a South Florida-based training and human resources consultant. “If I’m able to use my own equipment, I already know how it works.  I’m not trying to learn the company and the equipment at the same time.”

Since we know that employees often use their personal mobile devices to conduct work, and we know that the employer is liable for any illegal activity that occurs using those devices, let’s take a look at the steps employers can take to lessen those risks.

As this blog post’s title suggests, any attempt at reducing risk starts with a solid policy. And we will look at some of the elements of a good policy, but the best policy is only as good as its enforcement, and that is achieved through communication and training.

Personal vs Work

FREE Investigation Report Template

Prepare thorough, consistent investigation reports with our free report template.

Download Template

Today’s emerging workforce is accustomed to using mobile devices for every type of communication with family, friends and for business. They don’t draw the line between personal and professional use, the way previous generations did, so prohibiting personal communication at work doesn’t make sense and is bound to affect morale.

But employers are justified to be concerned about productivity when employees are using mobile devices for personal communication at the office. So this should be addressed in a mobile device use policy. Make sure employees understand that personal and work-related communication should be kept separate and that personal communication at work should be reasonable and should not disturb or distract other employees.

Security

When employees use their mobile devices for work it means that they take their jobs with them everywhere they go. They may be carrying around sensitive and confidential emails, documents, and messages that, if compromised, can expose the company to lawsuits. Ensure employees are aware of the sensitivity of the data they possess and employ measures, such as security apps and encryption, to protect the information.

Alongside requiring that employees implement screen locking on their devices, you may also want to consider installing a remote wipe capability, so that if the device does go missing, all information can be erased from it. If you decide to do this, it’s a good idea to include this in your policy and require that all employees using mobile devices for work maintain this capability on their phones. Make sure they understand that ALL information will be wiped, including information that is not work-related.

Legal Issues

Sexting can constitute sexual harassment when it involves coworkers or unwilling recipients. Ensure your policy includes information on inappropriate messages and refers to your company policy on harassment.

Include a policy on distracted driving. Make it clear that using a mobile device while driving is illegal and is ground for termination.

Ensure employees know that using their device for work entitles the company, or law enforcement, to examine the device and all the information it contains in the course of an investigation.

Training and Communication

Implementing a solid mobile device policy is a great first step, but training and communicating the policy is the only way to make it stick.

“Employees should receive training about what is expected of them – whether they use the company’s equipment or their own,” says Lauby. “Topics about internet security, company data confidentiality, and reporting accidents/incidents should be covered.”

And while creating a policy, training employees and enforcing the rules can be time-consuming and costly, it’s a lot cheaper than defending a lawsuit when a personal device used for work is also used to break the law.