While Canada may lag in certain technologies, it is a leader in supporting employee-owned devices in the workplace. According to a 2013 Sage SMB Survey on Mobile Devices, 83% of Canadian small and medium sized business owners find that using mobile technology improves productivity. 78 percent are using devices to access work related information. Regarding a “bring your own device” policy (BYOD), 45 percent say they have a policy in place.
Asking 3 important questions is important before organizations consider introducing BYOD into their workplace.
1. Does your organization have a solid IT BYOD policy in place?
For a policy to be effective, it must balance the needs of both employer and employees. For example, IT support cannot cut off employees from accessing all cloud-based services. Nor can they provide unrestricted access to any third party application. While cloud-based email and calendars are the most popular, more employees are using Software as a Service (SaaS) applications in their jobs. Mobile sales teams and professionals, rarely in the office, require access to sales, customer and payment processing applications remotely. The responsibility of IT staff is to ensure an organization’s data is secure and have a plan for lost or stolen devices. According to an Internet security study from Symantec, when mobile devices are lost and data is accessed, the average cost of the data loss is $250,000. Symantec also reported that companies with fewer than 250 employees accounted for 31% of all cyber attacks in 2012. IT staff must be diligent in monitoring users who actively use services like company email, virtual private networks, Intranet applications and customer databases from any device.
2. Have you been transparent and made your employees aware of your BYOD policy?
If you have a BYOD policy in place, employees need be informed that your company is monitoring data on their devices. You need to be clear that you are not interested in their personal data. Clarify what data will be monitored, what settings will be modified, how information will be used and how long it will be saved in your policy. Some companies use mobile device management (MDM) tools that put security configurations in place on devices and walk employees through each step. When using MDM tools, every effort must be made by the company to not intrude on employee privacy since the device remains their property. The goal is to find a balance satisfying employee and company interests. Companies with limited budgets might use less onerous mobile device auditing tools that report the status of device configurations. Employee responsibilities must also be laid out in the policy. For example, employees must immediately report lost or stolen devices, any suspicious activity and maintain the organization’s security settings on devices. These points outlining responsibilities need to be organized into a formal agreement and agreed to by each employee.
3. Plan and manage your BYOD and cloud strategy with outside help
Many small and medium sized businesses have a small IT staff, many of whom, wear many hats. The majority of SMBs do not know which third party services and applications their employees use to connect to their network. Third party companies that provide comprehensive IT assessments can help companies learn about vulnerabilities and develop sound BYOD and cloud policies for SMBs. For business owners, having such policies in places ensures that the company is protected while also pursuing cost savings and productivity goals.
Gartner predicts that by 2017, 50 percent of the global workplace will have BYOD programs in place. If your company plans to be part of this, consider taking your time to do a thorough IT assessment. SMBs that create a BYOD policy emphasizing protecting their data while also keeping their people productive, engaged and happy from anywhere will succeed.