So your employee wants to use his new iPhone5S to respond to work emails while on vacation. As an employer, you’re thrilled. You don’t have to pay for the technology (or the data plan), but your employee is now accessible to you and your customers twenty-four hours a day, seven days a week. How could this possibly be a bad thing?
Corporate BYOD (“Bring Your Own Device”) policies open the door to potentially wide-reaching problems. For starters, most BYOD policies are not policies at all, but simply a pattern and practice of the employer allowing employees to access corporate data on their personal devices. While the company may have certain data security measures in place, do the employees have those same security processes on their iPad? More often than not, the answer is “no.” By allowing employees to access corporate data without adequate security in place, the company might be leaving the front door unlocked and computers on without passwords.
Another serious concern with allowing employees to BYOD is what happens when the employee stops working for that particular company. Disabling their computer’s password and email access isn’t enough anymore to ensure that the former employee hasn’t taken gigabytes of corporate data with them. When an employee uses his own device for corporate purposes, corporate data will end up being stored on that device. Although the type of data can vary from customer contact information to trade secrets, it is important for the company to ensure that all corporate data is returned to the company at the termination of employment.
When done correctly, allowing BYOD can be a win/win for employers and employees. In order to ensure the level of data privacy necessary to protect your company’s trade secrets and other proprietary information, a written BYOD policy should be in place that outlines the level of security that must be on any devices that contain any corporate data, along with procedures for return of that data upon termination of employment.