Top Considerations When Building BYOD Policies

Wednesday, February 10, 2016 by Eric Robinson

In a recent article, my Kroll Ontrack colleague Vikas Pall wrote about the growing concerns over bring your own device (BYOD) policies. Today’s employees integrate their personal and professional lives, and the use of personal devices for day-to-day employment duties has become ubiquitous. The days of doubling up on devices—one personal, one professional—are over, with BYOD policies emerging as the most enticing option for employees and companies.

While there are many advantages to BYOD, taking on the ambiguities and complications that can come with having employees bring their own devices to work can be a risky move if an organization fails to put a well-planned policy in place. In his article in ILTA's Peer to Peer magazine, Vikas outlines the top things to consider when building a BYOD policy.

#1: Assess

Crafting a well thought out BYOD policy is the key to fully utilizing its benefits, but a perfectly planned policy does not appear overnight. A policy must be effective, relatively simple and easy to follow for end users and the IT department. Communication across departments is the best way to make sure all bases are covered.

#2: Plan

Once the broad framework is in place, it is time to finalize the details of the policy. From Android to Apple phones to tablets and wearables, defining exactly what is meant by “bring your own device” is critical. Companies should be device-specific, or limit the devices, and establish a clear service policy for the list of approved BYOD devices. In the midst of planning the functional aspects of a policy, it is equally important to address employee exit strategies. BYOD policies should reference the company’s separated employee process and vice versa.

#3: Implement

To prevent data breaches or corporate hacks, specify what kinds of corporate data may be accessed on which devices and implement mobile device, data and app security measures in your BYOD policy to protect company data and confidentiality. BYOD policies should also touch on preservation and discovery in litigation. Companies can get ahead of failed preservation efforts by adding BYOD data to their ESI data maps and issuing legal hold notices to address what content must be preserved.

#4: Iterate

Companies should regularly audit the effectiveness of their BYOD policy. Look at what new technologies are available and whether they should be supported. Review the current policy points to see if anything wasn’t adopted or could be improved. BYOD polices will continue to evolve with technology and the workforce.

Be sure to read the full article, From Blurred to Secured: Four Steps to a Better BYOD Policy, for a more in-depth analysis of best practices for bring your own device policies.