Welcome to the World of ‘Bring your Own Device’

By Hamish Fraser, Partner, Truman Hoyle Lawyers

Do you remember the technology of 2005?  Chances are you don’t, or at least you’ll be surprised at how far things have come in the last 6 years.

Mobile telephones were small and getting smaller and were mostly used to make phone calls or send text messages.  The cutting edge Blackberries let you receive and tap out emails on the road.  The iPod Nano was a 1 gigabyte marvel.  Personal computers ran Windows XP. Myspace was the hottest thing online.  Second Life was certain to be “the next big thing”. There was no Facebook.  There was no twitter.  There was no touch screen in your pocket.

Google Earth let people see their world in a whole new way, Google Maps wasn’t.  Mobile internet was unreliable and slow – if it was available at all.

The workplace tended to supply you with a more powerful computer than you had at home (who needed all that power at home) and if you travelled, you had a laptop and a mobile phone as well.

Today, most of us carry a smartphone for our personal use.  Perhaps in addition to our work phone, or maybe it acts as both (and it’s the same number you’ve had for 10 years!).  People are also buying tablets for their personal online content consumption as well as modest user generated content.  These devices are wired into a wi-fi network, or if there’s none, a high speed mobile data network and have mobile plans to cope with data needs that were unheard of in 2005.

In my family of 5, we have 10 3G devices and 20 wi-fi devices (some are both).  I will frequently sit at home with my family after dinner to watch a show on TV, with all of us also using laptops and possibly mobile phones at the same time (up to 16 screens!).

In a curious twist of fate it is the personal use of these devices (particularly some of the more powerful or ‘sexy’ ones) that is applying pressure back into the workplace to enable employees to use them for work use as well.

Welcome to the world of Bring Your Own Device or BYOD.

Compared to the rapid change in personal computing power in the last 6 years, Corporate IT departments and their associated use policies, tend to move more slowly or at least try to (and usually with good reason).  In an ideal world a business’ hardware and software would be “locked down” for ease of maintenance and security and employees wouldn’t use Facebook or tweet on the job.

Clearly we don’t live in an ideal world.

Rather than fight this wave, or at least in response to it businesses are embracing, or at least considering, BYOD and allowing employees to use their own devices to connect to corporate IT infrastructure.  Indeed BYOD can have many benefits, including cost savings and flexibility of employees that are always connected as well less exposure to hardware and software obsolescence and, hopefully, happier employees!

But BYO computing introduces new challenges.  Such as:

Security of corporate information: 

  • What data does your employee have on his or her tablet?  Possibly a lot!
  • How can you protect that data?
  • Can it be cleared remotely if lost or stolen?
  • How do you educate employees about that risk and manage it?

Privacy of personal information:

  • Where is the line between what’s the company’s and what’s the employees
  • What happens when they leave
  • What about any inappropriate content.  It might be OK at home, but not at work…
  • Can the employer access it to retrieve or check data

Ownership of device:

  • Usually this is easy, but what about the information on it or “cleaning it when they leave
  • What happens if work subsidises the device?
  • What about FBT or simple deductibility?
  • Who has to insure and maintain it?
  • Who must obtain software licences

All of these issues are manageable if they are properly thought out in advance.  The biggest problem we face at the moment is they simply are not as this change is happening so fast that we barely have time to stop and think about these things.  Every now and then though, we need to.

Before you allow your staff, even the CEO, to BYOD, you should as a minimum ask yourself the questions above and based on these answers, draft a suitable policy.

To wrap up I recommend any company considering BYOD adopt the following steps:

 1.             Will you allow BYOD (you may have no choice)?

2.             If you will, what functionality will you allow users to have. If it’s just email, have you thought about document storage or finance data?  Again you may at this stage have no choice.

3.             If you give full access, confidential information is now on the device, how will you manage that risk?  Will you buy security software to remotely wipe it or make the employee liable for any loss?  Both are difficult, but can you afford to just “chance it”? If the answer is no, then you need to decide what you will do.

4.             Do you want the right to monitor the device including reviewing and perhaps deleting their content at any time or only when they leave?

5.             Once you have answered the questions above, draft a policy that is consistent with your answers needs to be prepared and then make sure your staff understands it.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s