Is BYOD A Threat To Your Business?
BYOD or Bring Your Own Device has been around in some form or another for many years. Whatever element of BYOD your business operates it is worth considering the hidden costs and risks that this policy throws up.
What Is BYOD?
Bring Your Own Device is a policy usually adopted to keep IT purchase costs to a minimum - especially in new start-up businesses. A large majority of people of working age will own a laptop, smartphone and possibly a tablet computer and these devices can easily be configured to send and receive company emails or be attached to company servers to allow the user to use their own device(s) for company business. Some companies even offer a grant to employees to source their own IT kit. Although for many businesses this can be a calculated and deliberate policy there is also a chance that your employees are using their own devices without your knowledge - to check emails on their smartphones for instance. So what are the main threats posed by BYOD?
Mixing Business With Pleasure
We've probably all been there - sending an email by accident from the wrong account but the chances of this happening can be greatly increased by BYOD. It could be very easy to send an email meant for a friend to an important client or to email that client from a personal email address and both could easily damage that relationship or at least lead to some uncomfortable questions on Monday morning.
Working Time Directive
The law says that workers shouldn't have to work more than 48 hours in one week unless they have opted to do so. So what is work and how can you track it when a BYOD policy is in place? It could easily be argued that answering work emails over the weekend could be classed as working and staff are more likely to do this when faced with a client email sent outside of working hours - even if the sender doesn't really expect a reply until Monday morning. This makes tracking the amount of hours your staff are working really difficult. Of course this can happen when a company supplies the devices but it is much easier to enforce a 'phones off' policy when the device is only used for business.
So you want to protect your business against viruses and security breaches - of course you do - but is your BYOD policy going to render all your efforts to do so completely useless? Well the answer is probably "yes". We can all do silly things when it comes to our own personal devices, such as switching off Microsoft updates following 'that boot-loop incident last year', letting our ant-virus subscription run out or downloading some unwanted programs whilst trying to stream the latest movies from an illegal download website. If you still believe it is a good idea to introduce personal laptops into your business IT ecosystem knowing this then you are asking for trouble.
Loss Or Theft
Leaving your mobile device on the train or having it stolen on a night out can happen to anyone. This risk can be managed and minimised when devices are company-owned. But try explaining that you will need to encrypt the hard drive on your staff's personal laptops to guard against losing sensitive company data or that you will need to throw the 'kill switch' on their mobile phone because they left it in the pub last night. They might be confident of getting the device back but you just can't take that risk.
Why can no one else in the office read the head of marketing's quarterly report on Social Media performance? Well, because he's a 'creative' and insists on using his smart new Macbook for writing all of his company documents. The trouble is that everyone else is using Windows and Office. Of course documents can be converted but multiple conversions and re-conversions make for a collaboration nightmare - especially when three or more people are trying to contribute to the same document on different software.
Having business issue IT kit makes sense for the same reasons that schools have uniforms or that your company logo appears on all of your stationery. Your brand and corporate identity is represented everywhere your staff go and, although your head of sales is incredibly attached to her five year old laptop it has probably seen better days and causes an acute sense of embarrassment whenever it gets taken out at client meetings. Also it is probably not good for morale to generate a mini arms race in the office where some staff can afford the latest and greatest Ultrabook but others have to make-do with older and inferior kit. Uniformity of IT devices eliminates both of these issues but is virtually impossible to achieve with a BYOD policy.
Software licensing is a minefield at the best of times and businesses could find their employees are using software for purposes outside of the licensing agreement when BYOD is enforced. This is probably down to a lack of education or understanding about what the terms of licensing actually mean. One major example of this is Microsoft Office where the 'Home and Student' edition is expressly stated as being for 'non-commercial' use.
The final problem we will discuss in this article is usually caused by allowing 'non-techies' to choose their own specification machines under a BYOD grant scheme. When purchasing a laptop or other device from high street or online retailers consumers are faced with a bewildering array of makes, models and specifications and it is unrealistic to expect staff to make the right choice every time. In fact it could be tempting for staff to scrimp on their business laptop to have a little left over to put towards something else. This can mean that the kit they purchase isn't actually up to the job required of it during the working day or even that it breaks down sooner than expected due to inferior parts.
Although we have talked at length here about the threats that can be caused by a BYOD policy there are benefits too - in particular start-up cost-savings - but we believe that the benefits are too limited to outweigh the potential risks and that BYOD should be avoided (or abandoned at the first available opportunity) by businesses.