Bring Your Own Device Policy

Bring Your Own Device Policy 2018-09-11T12:37:53+00:00

With new personal devices entering the market almost every day, a Bring Your Own Device (BYOD) Policy gives you some control over how your employees (and contractors) use those devices when they access your organisation’s IT infrastructure (including the data that it holds). You typically store high-value data in your organisation’s IT infrastructure (confidential information or personal data), so it’s very important to control your employees’ access to that data. You need to decide what requirements you want your employees to comply with, including what devices you will allow them to use, what data they can access with those devices, and how they keep those devices safe (encryption and password-locking, for example). Once you’ve decided all of this, you can use the Bring Your Own Device Policy to set it all out for your employees.

You may have also heard of a similar policy called the Device Usage Policy. The main difference between these two policies is that the Bring Your Own Device Policy applies to personal devices your employees own, while the Device Usage Policy applies to the employees’ use of your organisation’s devices.

Why is the Bring Your Own Device Policy important?

A Bring Your Own Device Policy is important because many organisations are opting to let employees bring their own devices to the workplace. Without the policy, you will not be able to properly regulate how they use their devices in accessing your IT infrastructure and any important data you have stored on the infrastructure. By not having the policy, you risk your employees causing a data breach in your organisation.

Data breaches are potentially expensive because of the reputational damage your organisation can suffer if the public believes that you don’t protect their rights. Data protection regulatory authorities can also issue you with regulatory fines for failing to protect personal data. Suffering these losses would defeat the very purpose of allowing employees to bring their own devices. It’d mean that you are no longer:

  • saving costs (your organisation saves costs by avoiding the added expenditure of buying devices for employees); and
  • increasing productivity (employees likely find it more convenient to use their own devices to access your IT infrastructure).

How does the policy work?

The policy sets the requirements that the devices need to comply with in order to access your organisation’s IT infrastructure, including the following:

  • encryption – encrypting the devices
  • password-locking – password protecting the devices
  • standard software – installing company software on the devices to better manage them

The policy also imposes minimum usage standards, including the following:

  • protection guidelines – taking reasonable steps to protect the devices against theft, damage or loss
  • incident reporting – reporting to the organisation as soon as possible in the event of any theft, damage or loss
  • backups – backing up the data stored on the devices as frequently as possible
  • up-to-date software – keeping the software that runs the devices as up to date as possible, including any anti-virus software

What devices does the policy apply to?

The policy typically applies to the following devices:

  • computers – such as desktops, laptops, tablets or smartphones
  • communications devices – such as cellphones, modems or mobile data cards
  • removable storage devices – such as memory sticks, external hard drives or SD cards
  • other storage media – such as optical or magnetic disks

Actions you can take

  • Protect your confidential information and regulate how your employees use their devices to access it by asking us to draft a Bring Your Own Device Policy.
  • Limit the risks of non-compliance with data protection laws posed by your employees by asking us to draft a Device Usage Policy.
  • Comply with information security standards by joining our Information Security Compliance Programme.
  • Be alerted to any new developments by subscribing to our newsletter.

Interested?

If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.