BYOD Policies: Are Employees Protecting Your Clients’ Data?
The importance of a bring-your-own-device policy: Permitting employees to use personal mobile devices to fulfill their professional duties was common before the COVID-19 pandemic. Now, more employees are working from home than ever. More employees who previously did not use mobile devices on the job are expected to do so. Put simply, more business is done on mobile devices. Bring-your-own-device (BYOD) policies have never been more important for businesses looking to avoid the cost of supplying mobile devices yet still maintain adequate data security measures for confidential information. If employees handle sensitive matters and information for clients on mobile devices, some kind of device policy is a necessity whether it entails company-provided devices or BYOD. Failure to have any kind of policy could subject employers to liability for data breaches or disclosure of confidential client information by employees. Employers should consider whether their business is best suited for company-supplied devices or a BYOD policy based on considerations such as size of the company, cost, sensitivity of the data being handled, and other factors. Further, many companies with employees who are newly working remotely and using personal devices (e.g. administrative personnel) should consider updating existing policies that may be in place.
What Are the Advantages and Risks of BYOD?Compared to a company-supplied device policy, a BYOD policy offers cost savings while providing less security and control. Advantages
- Cost. With a BYOD policy, employers leverage existing personal mobile devices instead of purchasing new devices for employees.
- Better care and maintenance. Mobile devices are a necessity in modern society. Employees can be expected to take good care of their personal devices.
- Staying current. Employees upgrade their own devices as necessary, saving employers recurring expenses of keeping mobile devices up-to-date.
- Less security. Especially as companies grow, it becomes harder to monitor and enforce BYOD policies. Unregistered, private devices present a greater security threat from malware, and via threats over unsecured networks. If a company’s client is subject to a data breach and the company lacked sufficient data controls, the employer could be liable for the damages.
- Attrition. As employees leave, employers may struggle to find the means to ensure that sensitive information has been deleted from employees’ private devices.