Making a BYOD Policy Matter


Thought Leadership

Making a BYOD Policy Matter

Zix Staff

We’ve been hearing a lot of stories recently about how time-pressed staff try valiantly to keep companies efficient despite the difficulties of communicating quickly and effectively in our competitive and often understaffed business environments. We hear of staff using file sharing, personal email accounts, USB drives and DVD ROMs sent through the mail. The other day for example, we heard about nurses in a hospital who communicate with each other via SMS (Short Message Service), a ubiquitous but unencrypted way of sending texts.

The chances are their hospital and all the other business mentioned above have corporate policies for using mobility devices, and the staff have probably read these policies – albeit quickly – and signed the user agreement. The trouble is, in each case the corporate IT, HR or legal representative who wrote the policy probably did not have a good understanding of the complexities of using mobility devices in the workplace. Employees always find a way to keep businesses going not least because their customers or patients rely on them, but also because they themselves would like to remain employed. So who can blame them if their employer has a mobility policy that has been poorly conceived?

Mobile Device Management (MDM) has often been hailed as the ideal solution for managing BYOD in the workplace, however research into user acceptance shows that many if not most employees believe that MDM solutions are misused by employers to track their location, read personal emails and view the personal applications enabled on their BYOD device. Mostly these fears are unfounded, however we do know of one senior executive who admitted tracking the whereabouts of a young lady, yet when challenged was wholly unable to recognize that he was behaving unethically.

Not only do employees fear privacy intrusion, they also find using MDM solutions cumbersome. For example, over 90% of BYOD users disable the auto-lock security feature because it interferes with their ease of use.

Therefore an effective BYOD policy must be grounded in reality and must have the general understanding of, and agreement from the employees who will be using their BYOD devices. It must be understood that the relationship between employer and employee is – for most people – asymmetric. This means that the employer has the power to compel employees to sign a bad BYOD policy. With a good BYOD policy however, employees will understand that this is an opt-in decision, that they may need to relinquish some control over their personal devices, and that their privacy will be protected to a degree that a reasonable person would find acceptable.

Find out more here.