How to Manage BYOD (Without the Headache)

With smartphones as accessible as they are, it’s no small wonder how company-only policies have all but faded into obscurity in the workplace. Whether you allow it or not, you can bet that your team is using their smartphones to get work done, whether it’s checking email from their couch or sending you a quick DM. In other words, you need a Bring Your Own Device (BYOD) policy, as it is practically the new accepted standard.

Here’s how you can keep the flexibility of BYOD without it turning into a total nightmare for your business.

The Distinction Between Security and Privacy

First, let’s address the “creep” factor. Your employees don’t want IT in their business, and that’s totally understandable. But it’s important to establish what a BYOD arrangement needs to do versus what it doesn’t need to do. Here are some things that a BYOD policy can and should allow:

Establish Managed Apple IDs and Android Work Profiles

With these managed profiles in place, you basically have a digital sandbox where you control data inside the accounts, but not outside of it. This lets your employees keep their personal lives private.

Know the Kill Switch Policy

Make sure your team knows that you can wipe business data remotely should a device ever become lost, stolen, or compromised. Emphasize that it won’t touch their personal files; this should help people get on board.

Implement a Minimum Bar for Entry

You can’t have unsupported devices accessing company data, so make sure that every device that has access meets these specific criteria:

Set Up OS Versioning

Any device must be running one of the last two major OS releases.

Use Biometrics and Passcodes

You can’t expect a device that can be unlocked with a swipe to stay secure. You need FaceID, TouchID, or complex PINs.

Have a Rooting/Jailbreaking Policy

Any device that has been rooted or jailbroken cannot be used to access company data. If the device’s built-in security has been compromised, it stays off your network.

Mobile Device Management (MDM) vs Mobile Application Management (MAM)

Next, think about how much control you actually need. You can choose between:

• Mobile device management - Total control over the hardware. Great for high-security industries, but can feel heavy-handed for casual users.
• Mobile application management - You only manage specific apps like Outlook or Teams. This is often the sweet spot for BYOD because it protects the data without needing to own the entire phone.

Your BYOD Checklist

If you want a strategy that has teeth, you’ll need to include a formal acceptable use policy that sets legal expectations for what is and is not okay on company time. We also recommend you implement zero-trust access to ensure that the user verifies their identity whenever they log in. Furthermore, make sure you have a documented exit strategy for offboarding any device when an employee leaves your organization.

Reframing BYOD

It’s crucial that you and your employees don’t view BYOD as a restriction; rather, it’s a containment of potentially harmful factors. When you make the shift from securing the device to securing data, you’ll get a more productive team and far fewer security issues to deal with.

One final tip: You’ll have a greater legal standing as far as BYOD is concerned if you offer to pay a small portion of your employee’s data plan. This can go a long way toward ensuring better policy compliance.

Want assistance with implementing BYOD? We can help! Reach out to us at (603) 499-4400 to learn more.