Where mobile devices are concerned, security comes first. This is one of the key objectives when crafting mobile device usage policies – securing your organization’s intellectual property. When employees are using their devices for personal communications, security can be in play.
A mobile device usage policy that works clearly defines the responsibilities of both the organization and the employee. This serves to safeguard your company or institution against liability. Limiting exposure is a key part of your risk management strategy too, with mobile usage being a crucial factor.
Any policy enacted should also be crystal clear about types of devices in play and applications. By being up front with your employees, you’re building good fences and defining their roles in security awareness, their responsibilities to the company and themselves and ensuring they understand what constitutes permissible use.
BYOD is becoming a primary means for organizations to cut mobile costs. But this type of measure comes with some caveats you should consider.
BYOD? Some questions to ask.
The increasing prominence of BYOD (bring your own device) measures means it’s a contemporary focus we can’t ignore when discussing mobile device usage policies.
One question is whether you should forbid the use of specific applications. Perhaps a more proactive approach is to provide BYOD users with a list of applications supported by your mobile device systems and policy. There’s a positive psychological advantage to not telling employees, outright, what they can’t do. Telling them what they can do may be more useful.
Ultimately, though, limiting the use of apps on personal devices can be difficult to police. What’s preferable is that you clearly define user responsibilities to your organization in your usage policy.
Your customers and associates come first. There’s no question of that. When considering BYOD measures, it’s important to deconstruct them in terms of potential security exposures which may impact these top layer relationships.
What if the device is lost or stolen? What are the protocols you have in place to achieve erasure of data and lockdown? It’s difficult to pick and choose in instances where the user has a mix of business and personal facilities with little distinction.
This is an important consideration when looking at BYOD, especially in confrontation of the fact that it’s not legal to delete an employee’s personal contents/data.
Again, with lost or stolen devices, responsibility should be clearly defined in your policy. Is your organization responsible for replacement? The employee? Is the responsibility shared? What about damage or repair? Clear guidelines help avoid unfortunate misunderstandings that can cost you goodwill and productivity.
Good fences. Good neighbors.
With the rise of BYOD, it’s incumbent on organizations to not only clearly define their policies in this regard as part of their mobile device usage policy, but to engage in ongoing dialogue with employees about them. Fostering understanding of any given policy is a key predictor of its success in the organization.