The Case for a BYOD-Friendly Workplace: What’s Your Policy?
April 3, 2013 | By Bill Rosenthal, CEO, Logical Operations

Workforce productivity can increase by significant margins when a business allows employees to use their smartphones and laptops for work. As a result, companies worldwide are establishing BYOD (Bring-Your-Own-Device) policies.

The results can be impressive. For example, Intel Corp. announced in March that its BYOD policy generated about 5 million hours of productivity gains last year. This translates to 57 minutes per employee per workday. As of the end of the year the program supported 41 mobile applications and added 16 approved applications. The company built a private cloud that provides access to company services and information. 

Financial executives would do well to take a leadership role in making their companies BYOD-friendly workplaces. It isn’t unnecessary for the company to go to the cloud. All that's needed is to establish a policy that encourages the use of personal devices at work but also provides the safeguards needed.

The devices increase productivity because they allow employees to be fully effective anytime anywhere. With greater ease than ever they can easily access company documents, attend meetings, deliver multimedia assignments, collaborate with coworkers, share information, store contacts and manage their calendars. With more hours being devoted to overtime work, the potential for productivity gains during at-home work time is enormous. 

Employees certainly welcome pro-BYOD policies. Indeed, many resent prohibitions against their use of personal devices for work. Millennials in particular often consider use of their devices for work a right rather than a privilege. Many owners of personal devices feel a visceral attachment to them. They greatly prefer them to the company-issued product — not only because they chose them but also because company equipment isn't as current as what the employees own. People upgrade their devices much faster than businesses do their equipment.

Full-scale integration of personal devices into organizational systems, otherwise known as "the consumerization of IT," will be as transformative an event for businesses as the introduction of the first personal computers into the workforce was some 30 years ago. A quarter of Internet users now access the Web exclusively through mobile devices. Small handheld devices can now access a fully interactive website, including a full-length video. Wireless data delivery is now faster and more problem-free than ever.

Implementing a BYOD-friendly policy provides major advantages but it also raises the need to protect against the dangers of malware and loss of company secrets. Some BYOD policies incorporate into their policies language that protects the company from "error, fraud, misuse, alteration, theft, copyright violation and sabotage."

A company’s BYOD policy should consider questions such as:
  • Should there be a separate network designed solely for mobile devices? Under a separate network plan, employees sync their devices with the company network when they arrive at work.
  • What devices and apps are acceptable? Which of them can be used for the enterprise network and what kind of registration process is needed? The company's IT unit can develop the needed registration management software internally. Alternately, a mobile device manager package can support the process.
  • What happens with email passwords and access tokens when an employee leaves the company?
  • How to prevent unauthorized access to employees' personal information?
  • How to prevent access to the enterprise network by an unauthorized user or an authorized user with an unauthorized device?
  • How to prevent malware from infecting the mobile device and subsequently the enterprise network?
  • What's the best way to protect against the bypassing of passwords or the use of unsafe passwords?
  • How much should broadband be increased?
  • How should the company comply with regulations that may require written notification to users that their online activities are being monitored?
  • What happens when a personal device is lost or stolen? For example, how soon must the company be notified? Some authorities recommend that businesses require notification within one hour.

To protect itself the company must “force wipe” the data on a lost or stolen device. This will result in loss of the employee's personal data, such as irreplaceable family photos. Employees must understand, before they connect, that they’re vulnerable in this way. They also should understand that the company has access to their personal information — their apps, text messages, tweets, contacts, GPS records and Internet activity.

The company can now see what music and games have been downloaded and what parties the employee has attended. Some software separates personal data from business data and erases only business information — but it is not in wide use at present. It’s likely that future generations of smartphones and tablets will include screens that split personal from business data but they’re not here yet.

Employees also should understand that irresponsible use of devices — such as unloading an app from an unknown source — risks the integrity of their own devices as well as the company’s. It’s useful to appeal to the employees’ self-interest when establishing BYOD policies and communicating them.

Some businesses have created the position of chief mobility officer to create and monitor BYOD policies. Some are creating mobile shops that help employees connect their devices to corporate resources. Aiming for increased security, human resources staff members are sometimes prohibited from copying a file with sensitive employee information onto a laptop that they take home.

Eager to have their employees participate in BYOD programs on the company’s terms, some companies provide interest-free loans that help employees buy the devices. Others pay the monthly service fees for the products if the employees agree to let the company install security software that removes data if the equipment is lost or stolen.

The BYOD movement presents a teachable moment. It can provide enormous benefits but it also raises questions, large and small, and the chief financial officer must be a leader in the effort to address them.