Many companies have implemented Bring Your Own Device (“BYOD”) policies. For some, it has been years since they were put in place. Has your policy withstood the test of time? Employees are using their devices differently than they did five or six years ago, perhaps, even, two or three years ago. Maybe it’s time to look at your BYOD policy to make sure the advances of technology have not outpaced your policy.
- Software Updates
- What does your BYOD policy say about an employee keeping their devices up-to-date? Hackers have been able to take advantage of weaknesses in older versions of software. It is vitally important that all devices maintain the most up-to-date software updates. Ensuring all employee devices have the most up-to-date software fixes is a key component to maintaining a secure system.
- Jailbroken Devices
- Does your BYOD policy prohibit jail-breaking devices? Some device owners will “jailbreak” their devices to give them access to the software code on the device itself, modify the performance of the device manually, or install software the manufacturer wouldn’t otherwise allow. “Jail-broken” devices do not have the same level of security as non-“jail-broken” devices and ordinary software updates are not available. Jailbroken devices with access to a company’s system is a huge data risk.
- Strong Passwords
- Does the BYOD policy require that the employees use a passcode on their devices? Does it specify the strength required, 4 digits, 6 digits, etc.? Is a 4-digit random number enough? Certainly, a sequential series of numbers, such as 1-2-3-4, or a passcode with all of the same number, such as 1-1-1-1, is not secure enough. Does the language in your BYOD policy give employees requirements about how secure the password should be?
- Does your BYOD policy contemplate the employee using texts to communicate for business? Texts and chat software have become a popular method to conduct business. Does your BYOD policy acknowledge this method of communication? Does the policy speak to whether the business-related texts are the property of the company or the person?
- Data Collection for Litigation or Regulatory Purposes
- Does your BYOD policy give the company the right to collect data from a device used for company business? Many BYOD policies expressly give the company the right to remotely delete its data from the phone. But, many BYOD policies are silent on whether the company has the right to collect data from the phones in its obligations to preserve electronically stored information.
- Talking or texting while operating a vehicle
- Does your BYOD policy prohibit the use of devices while operating a vehicle? Does it require the use of a hands-free device? A company could be liable for an accident if an employee is talking or texting while driving. Your BYOD policy should address your company’s restrictions on use of a device while driving a vehicle.
These are only a handful of considerations when reviewing your BYOD policy to ensure it covers everything you need. The use of cell phones and other devices in business is constantly evolving and your BYOD policy needs to keep up.