. true

More in This Category

Find an Insurance Agent

What to Know About Establishing a Bring Your Own Device Policy

The COVID-19 pandemic accelerated a rising trend at many businesses: the bring your own device policy. BYOD allows employees to use their smartphones, laptops, and tablets for work rather than those your company owns.

A bring your own device policy offers many benefits, especially for companies that require employees to travel, allow remote work, or operate primarily online and in the cloud. There are, of course, concerns—especially around cybersecurity.

To determine if a bring your own device policy is right for your business, let's review the pros and cons of a BYOD policy and then discuss a few ways you can implement a safe and effective one.

A brief history of BYOD

According to the Information Security Media Group, a collection of web publications covering information security news, computing giant Intel coined the term BYOD in 2009. Intel noticed that its employees had started bringing in personal computers and mobiles to do their work and decided to embrace rather than reject this behavior. Nearly a decade has passed since then, and BYOD is now used across businesses of all sectors, in no small part due to the ever-widening accessibility of smartphones.

Bring Your Own Device Policy Benefits

Tech sector news website ZDNet stated that business owners benefit from BYOD because employees can be more effective while working from home, during business trips, and commuting. Other benefits include

  • Company Savings—A BYOD policy can drastically reduce the (high) cost of new equipment, replacement devices, maintenance and repairs, and software upgrades.
  • Convenience—Employees won't need to juggle two (or more) devices during the workday. They can also choose their preferred device brand and operating system (think Android vs. Apple).
  • Efficiency—Employees need less training time because they are already "fluent" in the technology. And because people generally take better care of their personal belongings, you can rely on them to use faster, more up-to-date hardware and software..
  • Morale—A BYOD policy confers two intangible benefits: 1) it implies that you trust your employees, and 2) it shows that you respect their preferences.

The first positive effect BYOD can have is on the corporate bottom line. Companies spend less on devices, in-office tech infrastructure and software by having employees use their own computers and smart devices. Meanwhile, employees with more-flexible schedules and a choice in where they work may have increased morale, due to the absence of a structured professional routine and life beyond the cubicle. The better workers feel about their roles, the more efficiently and effectively they are likely to perform.

Bring Your Own Device Policy Risks

Company-issued devices can be expensive, but they give you control over the data and programs employees can access and at what permission level. Your IT department can manage cybersecurity software at will, monitor web traffic and restrict it, and, in case of a potential data breach, remotely "wipe" the device, destroying its data and preventing it from falling into the wrong hands.

If you implement a BYOD policy, your company won't have these security oversights by default. You must implement new ones and negotiate with employees about what security measures (which can be invasive) they will follow and accept.

During the pandemic, small business owners became increasingly concerned about cybersecurity—and for good reasons: ransomware and phishing attacks are now the preferred method of data theft by cyber thieves. Employee-owned devices used for work purposes may be more vulnerable to malware and less friendly to traditional IT support (since all will be slightly different).

People also tend, on average, to be less wary of cyber security when using a personal device. There is also the possibility that a disgruntled employee may share business data with a competitor. And finally, some employees may not own a laptop, tablet, or other device required to do their job.

Which BYOD Policy Works for Your Business?

BYOD or company-issued: what device policy is right for your unique business? Outside of government or organizations that deal in trade secrets, a ban on personal devices is rarely a good option. Your employees may resent it (or at least view it as unnecessary), and the benefits may not outweigh the cons.

But as we saw above, company-issued devices are expensive. New computers, phones, and tablets may not be within the budget of some small businesses. And regardless of policy, you must protect your business against cyber attacks, malware, and human error.

InfoSecurity Magazine shared an approach called COPE: corporately owned, provisionally enabled. Under these policies, companies own the phones, tablets, or laptops that employees use but impose fewer restrictions on device usage and may allow workers to pick their devices.

Mobile Device Management (MDM) and Enterprise Mobile Management (EMM) platforms let workers use their own devices but allow employers to monitor for intrusion or unauthorized employee activity. MDM provides limited monitoring and remote override capabilities, while EMM offers more control over devices, company applications, and network access.

Protect Your Business With Cybersecurity

Discussing device security best practices and cyber insurance requires more space than we have here. Every business needs both solutions, whether it follows a BYOD policy or provides employees with company-issued devices.

Why? A recent study by Selective and Appalachian State University found that only 20% of small businesses surveyed carry cyber coverage, even though 28% of data breaches are against small businesses.

Jeff Weaver, Assistant Vice President of Management Liability Insurance at Selective suggests taking a proactive, multifaceted approach to cyber security. Your first call should be to your independent insurance agent to discuss your cyber risks and how to manage them. Then talk to your IT department if you have one. If not, reach out to local cybersecurity consultants and companies for an assessment..

With a viable device policy and digital guards in place, organizations can save money, increase productivity, and protect themselves, their employees, and their data from the risks associated with BYOD.

Speak with an Independent Insurance Agent