BYOD Policy and Best Practices for When Employees Leave

Prevention is the best strategy to minimize your risks

Posted by Dawn Lomer in Ethics & Compliance, Human Resources on December 4th, 2013

The ‘Bring Your Own Device’ (BYOD) trend has been both a blessing and a curse to small businesses. Employees who bring their own smartphones, tablets and laptops into the office save companies money in equipment costs, maintenance and repairs. On the other hand, they create concerns about data safety and proprietary rights. Businesses must protect their information if the device falls into the hands of anyone who doesn’t currently work, or never worked, at the company.

A Gartner report on BYOD revealed that by 2017 half of surveyed CIOs indicate they will require employees to bring their own mobile devices to work. It’s a growing trend, and with it comes the need to develop BYOD best practices and a BYOD policy.

Set a BYOD Policy

The basic usage policy should cover:

  • File transfers and downloads
  • Password protection
  • Security patches and updates
  • User access
  • Calendar access
  • Third-party apps
  • Connection to work stations
  • Backup and storage
  • VPN and network services
  • Storage and usage costs
  • Discontinue use

For a sample BYOD policy, look at (scroll half-way down the page to Sample No. 2: “Bring Your Own Device – Policy and Rule Behaviors”). Some of the U.S. government agencies allow only BlackBerry devices, according to, but you may adapt it as a model for any device.

When An Employee Leaves

FREE Investigation Report Template

Prepare thorough, consistent investigation reports with our free report template.

Download Template

The White House’s policy includes a sentence that says that if the employee no longer works for them, he or she will allow the government to remove and disable government-provided software and files from it. This is easy to do if you and the employee part on good terms. However, this might be a different concern if the employee is laid off, fired or becomes disgruntled and quits.

Prevention is your best practice when it comes to minimizing your risks from BYOD. If you are too small to have an IT department, find a company that provides mobile device management software and/or services. Make sure your MDM system works with multiple platforms — Apple, Android, BlackBerry and Windows. Enterprise iOS offers a comparison chart of 30 MDM providers, which will help you understand what to look for in a service. MDM features might include:

  • Wi-Fi configurations
  • Passcode requirements
  • Remote wipe
  • Remote lock
  • Geofencing, which limits access to data based on the user’s location
  • User authentication
  • App management

BYOD Best Practices

Best practices include layers of security between your sensitive data and your employees’ devices, writes Lisa Schmeiser in Access to cloud-based data can be quickly turned off when an employee leaves the company, and some software programs prevent download of files to mobile devices. Talk to your cloud provider about how to “change the locks” between personal mobile devices and the cloud when an employee leaves.

If you use web-based email, instant messaging and data and content or case management systems, you can quickly disable access to these portals from your administrative dashboard.

BYOD In The Future

With more companies encouraging BYOD, it’s smart to take a preventive and proactive approach. Gartner says BYOD drives innovation because more users access technology through multiple devices. It also encourages worker engagement outside the typical 9-to-5 setting, and it facilitates telecommuting.

How has your company adopted BYOD practices and what advantages or challenges have you found?

Dawn Lomer
Dawn Lomer

Manager of Communications

Dawn Lomer is the Manager of Communications at i-Sight Software and a Certified Fraud Examiner (CFE). She writes about topics related to workplace investigations, ethics and compliance, data security and e-discovery, and hosts i-Sight webinars.

Book A Demo

To our customers: We’ll never sell, distribute or reveal your email address to anyone. Privacy Policy

Want to conduct better investigations?

Sign up for i-Sight’s newsletter and get new articles, templates, CE eligible webinars and more delivered to your inbox every week.