Welcome back to our series on BYOD implementation!
We've been focusing quite a bit on communication and training because, in our opinion, that's probably the most common source of problems when implementing a Bring-Your-Own-Device policy. Setting up a secure device-agnostic WiFi network is relatively simple on a modern network OS, but the human element can easily undo it.
Remember: A single Post-It note can theoretically cripple multi-million dollar security systems.
It's vitally important when establishing a BYOD system that you have clear policies, goals, and restrictions on usage. When properly laid out and explained to your workforce, you'll see far better results.
1 - Have a clear written policy with employee signatures required.
First and foremost, no matter what policies you end up implementing, they need to be clearly written down as business policy. This isn't an area that should be left up to individual interpretation. Lay out, as best you can, a document that establishes all policies, and make employees sign off on it before they're allowed to participate.
One important corollary: BYOD is new, and the technology is constantly evolving. This policy will not be truly "written in stone," because novel problems will come up. Someone in your office -probably your IT Manager- should be empowered to interpret and refine the policies as needed, based on situations as they arise.
2 – Define what is and is not “work appropriate” usage.
This is an area with a lot of leeway, depending on your business environment. Some offices can allow their workers to watch YouTube on breaks without it being a problem. Others may have to lock down access to all non-work sites to keep their employees on track.
Besides the obvious websites that have no business at all in your workplace – porn, BitTorrents, gambling, etc – we tend to recommend starting with lenient policies and only becoming more stringent if it becomes necessary.
A worker who can occasionally take five or ten minutes to distract themselves on a website will probably end up happier and more productive than one who's banned from all non-work websites. As long as it's only occasionally.
3 – Carefully outline and train on data handling policies.
Proper care and handling of data in a this environment is the most critical function to communicate and train for. Make no mistake: implementing this program will require some adjustments on the part of your workforce, because its ability to empower them brings with it additional responsibilities.
You should have clear policies on:
The legal requirements for data retention, storage, and deletion, along with processes ensuring they happen.
Never, ever storing customer information on a personal device. This must be a zero-tolerance policy.
Always maintaining a password, biometrics, or other secured access to the device.
Reporting lost or stolen devices to IT immediately.
Maintaining data awareness in their physical environment, such as never “jotting down” protected information like customers' SSNs... or their own passwords.
4 – Roaming and telecommuting usage.
Finally, if your device is part of a larger unified communications system, you should have policies in place on when it's acceptable – or not – for your workers to telecommute rather than coming into the office.
After all, in many cases it's now possible for workers to do their job from home, or from a cafe, or virtually anywhere else with minimum disruption. This makes their lives easier, and saves both you and them money.
On the other hand, if you're dealing with sensitive materials, even allowing workers to access them in public may be too much of a security risk. What if someone's looking over their shoulder, jotting down names and addresses?
BYOD Made Easy
Need more help? Hummingbird Networks is one of the west coast's premiere retailers of secure networks and systems. If BYOD is in your future, contact us today for a free consultation!