Posted by Tony Abou-Assaleh on April 3rd, 2013

7 Things to Include in your BYOD Policy

Yesterday we shared a post on whether or not Bring Your Own Device (BYOD) policies are required in the workplace. While BYOD may be a hotly debated topic in the tech space, it is generally a shared belief that if you’re going to empower employees to use the mobile device of their choosing, you need a policy. It’s important to give employees choice in the workplace, but there also need to be firm guidelines and procedures to protect your organization and the information it’s responsible for.

Here are 7 things to consider when you’re creating a BYOD policy:

1: Specify what devices are permitted
While this may seem to take away from the spirit of BYOD, it’s important to set parameters on what devices you are going to be supporting at an organizational level. Different operating systems may have different security features or vulnerabilities. Also, since you will presumably be providing in-house support for mobile devices, you need a system that your team is capable of working with.

2: Determine who owns information stored on the device
If a device is lost or stolen it will have to be wiped – what happens to employee property on the phone, including photos, music and apps? Ensure your policy clearly outlines the procedures around these events. While attempts may be made to recover lost data, employees should know that they are storing personal items on their phone at their own risk.

3: Provide a list of permitted apps
Are employees granted free rein when it comes to downloading apps on the device? Employees should be explicitly told what apps are permitted, as well as those that have been blacklisted. Don’t forget to update this list frequently to stay current with changing technologies.

4: Decide on phone number ownership
Phone numbers can be valuable currency. As a salesperson or a customer service provider, your phone number is a strong link between the organization and its customers. But the same number can also be important in a person’s private life. It’s the number provided to a dentist, lawyer and grandmother. So who owns the number when someone leaves the company? There should be a clear stance on this from the beginning.

5: Agree on a payment structure
Whether your organization pays the entire bill or gives a stipend for monthly use, be clear on who is footing the bill for the mobile device and its voice and data plan. Discussing this from the get-go will save a lot of headaches and misunderstandings in the future.

6: Outline security requirements
Be clear on what you expect when it comes to device security. Give parameters on password protection, including password length, special characters and capital letters. Define how long a device should be inactive before it locks. Include rules surrounding which devices are permitted access to your internal network.

7: Be flexible
While a BYOD policy can help protect your business, it’s important that you don’t treat it as a security blanket. Perform routine checks to determine how the policy is working, what needs to be changed and what should be scrapped altogether.

This list isn’t intended to be an exhaustive document on what to include in your policy. Rather, think of it as a good starting point for constructing a policy that works best for your organization.

Did we forget anything? Let us know in the comments section below.