In today’s digital age, most small to midsize businesses have addressed the use of personal devices for work in some capacity. If your company doesn’t have a formal BYOD policy, it’s time to establish one. And if you already do, it’s crucial to update it regularly as technology evolves.
A well-crafted BYOD policy helps protect your business by setting clear guidelines on security, data protection, and employee responsibilities.
According to a 2022 report by Zippia, 83% of companies had a bring-your-own-device (BYOD) policy, a figure that has likely grown as more businesses recognize the risks involved.
Anticipate broadly
A formal BYOD policy lays out detailed ground rules for how employees may use their personal devices for work and what role the company will have in supporting, securing and accessing those devices.
Most policies begin with a list of approved devices with acceptable security capabilities that the business can readily support. From there, be sure yours stipulates what happens to your business’s proprietary data on a device if the employee who owns it quits or is terminated. In addition, a policy should anticipate your response if a device winds up in various predicaments, such as when it is:
- Lost, shared or recycled,
- Synced on an employee’s personal cloud,
- Used on unprotected public Wi-Fi networks, and
- Hacked or otherwise attacked by a virus or malware.
Other issues to address or review include:
Payment or reimbursement. Some companies pay for a predetermined number of voice minutes and provide an unlimited data plan for employees’ phones, either directly or through reimbursements. Any charges above the stated amount of voice minutes are the employee’s responsibility.
Phone numbers. Who owns a mobile phone number is a big deal for some types of employees. Take salespeople, for example. If they leave to work for a competitor, customers may continue to call them — which could lead to lost sales for your business.
Access control. Your policy should require employees to set up their mobile devices to lock when left idle for a few minutes and require a passcode (or facial recognition) to unlock them. Where feasible, ask employees to use multifactor authentication to access certain software or data on your company’s network. This is where users’ personal devices come in handy: They can use their phones, for instance, to verify their identities along with entering a password.
Occasional security checks. Some businesses ask employees to periodically submit their personal devices to the information technology department for security checks that may involve reconfigurations or updates. Alternatively, you could ask only those who handle highly sensitive data to do so.
Address privacy thoroughly
Many employees worry that using personal devices for work gives their employers access to sensitive personal data. Your BYOD policy should state that the company will never view protected information such as:
- Privileged communications with attorneys,
- Protected health information, or
- Complaints against the business that are permitted under the National Labor Relations Act.
Your policy also needs to clarify how data stored on employees’ devices may be gathered if your company becomes involved in a lawsuit. Keep in mind that federal rules governing the production of documents during litigation, including electronically stored information, cover all devices — including personal devices that access a company’s network.
Remain vigilant
The negative financial impact of an outdated, incomplete or nonexistent BYOD policy can be severe. After all, the personal devices of your staff members represent multiple avenues through which hackers, employees or other bad actors could compromise your business’s data or network. Work with your attorney to review your current policy or create one if you haven’t already. Contact your Rudler, PSC advisor at 859-331-1717 to help you identify and analyze all your technology costs.
RUDLER, PSC CPAs and Business Advisors
This week's Rudler Review is presented by Josh Myers, Senior Accountant and Becca Thorman, CPA, CVA.
If you would like to discuss your particular situation, contact Josh or Becca at 859-331-1717.