If you own a business and allow your employees to bring their personal devices to work (known as BYOD) it’s vital that you have a clear policy your employees can easily understand. How you present your policy is as important as what your policy contains.
Rather than distribute the policy via email, hold a company-wide meeting at which you introduce the BYOD plan in a formal presentation. By holding a meeting, you can answer any employee questions and get a direct sense of how clear your policy really is. Distribute hard copies of the policy at the end of the meeting (if you hand it out at the beginning employees are apt to read it instead of concentrating on your presentation.) Include a signature page that clearly states the penalty for failing to adhere to the BYOD policy and require all employees to sign it indicating that they have received and understand the policy. Repeat this process at least once a year.
Here are the five most important things your presentation (and BYOD policy) should include:
IT and Security Considerations: Clearly state which devices and versions you will support. If you allow all devices — which according to BlackBerry is preferable — make sure you have an MDM solution in place. Outline password requirements and data backup procedures. Address the particular apps you will support and the security (anti-malware, virus protection) you require on each device. Illustrate how to access the company network and what type of encryption is required.
Legal Implications: Pay attention to employment law. Clarify who owns the work done on devices and what you can legally monitor. Employees often work more hours when they use just one device, which may bring up overtime considerations. Make sure you understand and communicate what you will do if you suspect employee wrongdoing.
Acceptable Use: Announce which employees are allowed to bring a device to work. Address issues such as whether their family members can use the device and if they can sync their device to their home computer. Let them know the procedure to follow if the device is lost, being clear about the party bearing the expense. Explain the proper use of corporate data and the consequences of policy violations.
Privacy: Be clear that data on the device can be accessed at any time and that there is no expectation of privacy. Instruct employees on the proper sharing of data, ensuring it occurs via the same method so that corporate data in not scattered across multiple data sharing sites and accounts.
Responsibilities: Your presentation should clarify the division of responsibilities between employees and the company throughout. However, it won’t hurt to repeat those responsibilities as a separate section of your presentation as this seems to be the area that causes the most confusion. You don’t want employees coming to you after a mishap and telling you they thought the company was responsible for data backup, for example, when, in fact, they were.
If you work for an organization that allows BYOD and there aren’t any clear policies, it’s a good idea to ask for clarification just to make sure that everyone is on the same page.
~ Lester Fraizer