BYOD Best Practices for SMBs

Mobility is here. Smartphones, tablets, even smartwatches are everywhere. And businesses of every size have instituted liberal “bring your own device” (BYOD) policies that allow employees to use these personal devices for work. A Gartner survey of CIOs found that approximately half of U.S. employers will have a BYOD policy by 2017. Already, 90% of small-business owners say that their employees bring at least one mobile device to work.

So what does that mean for small and mid-size businesses? Should they or should they not allow BYOD? Here are the pros and cons.

The Pros of BYOD

The positives of BYOD are well known and documented. Here are some of the top ones:

  • Enhanced employee productivity: When employees use their own laptops, smartphones and tablets at home or during their commutes, they’re generally happier. They get more done. They’re familiar with their devices, they know how they work and they can operate efficiently. And boosted productivity is a boosted bottom line. 71% of small-business owners felt this was a core advantage of BYOD – and the number-one reason to consider allowing BYOD.
  • Reduced costs: If an employee uses his or her own personal smartphone, it can mean less money out of your pocket. This can add up to significant cost savings – and saving money was seen as important by 63% of small businesses. See Figure 1 to see what small and mid-size businesses pay when they institute a BYOD policy.
  • Leveraging the latest technology: Your employees are eager to upgrade to the latest and greatest technology. They often do so on their own dime, which means your business gets the advantage of innovation without having to constantly upgrade your IT infrastructure.

Figure 1: What Small and Mid-Size Businesses Pay Under BYOD Programs

pie-chart_v2-01

Source: The SMB Group

The Downside of BYOD

But BYOD challenges exist, too:

  • Security: Research shows that the 56% of the small businesses that don’t allow BYOD are most concerned about security. This topic deserved a blog in its own right, but just consider: all it takes is one infected device to hook into your business network to compromise all the systems and data in your business. All it takes is one lost laptop to lose your customer contact list. For many small or mid-sized businesses, this is the showstopper: They just won’t risk it.
  • Lack of control: Will your business software and tools run with all the different devices and operating systems? How will you ensure that everything works seamlessly, no matter what device a particular employee happens to be using?
  • Potentially reduced efficiency: Employees may be tempted to use their laptops, smartwatches and tablets to check personal emails, social media sites and even play their favorite games on company time. Disallowing BYOD keeps business matters to the business machine, and personal matters outside the office.

Considerations When Implementing a BYOD Policy

Whether or not you allow employees to use their mobile devices at work now, or in the future, here’s what you should consider:

  • Perform a BYOD audit: Find out what your employees are using, and ask them why they prefer their own devices over those provided by the business. Decide if BYOD is for you by weighing the pros and cons.
  • Limit the use of BYOD: Not every employee should be allowed to use his or her personal laptop or smartphone for work. The honor – and it is an honor – should be restricted to trusted workers who’ve proven their loyalty and honesty.  
  • Institute passcodes and strict “timeouts” for devices: You should require all employees to have a passcode on their cell or tablet that activates as soon as the device hasn’t been in use for 30 seconds, 1 minute or 2 minutes, for example.
  • Define business and personal activities: Make sure all employees recognize which activities are business-related, and which are personal, and train them to keep them separate on their devices. For example, they should set up a filing system so that all business data goes into one set of folders, which is kept separate from personal data folders.
  • Decide on the level of access to sensitive company data: Will BYOD devices be allowed to access everything that people on the corporate devices can? Or will there be limitations? Keep in mind that you don’t want your most sensitive data being downloaded onto remote devices without any controls put on who can view or copy it.
  • Be clear about what apps are allowed: BYOD doesn’t necessarily mean BYOA when it comes to company data. You may not want people using certain apps or websites when they’re handling business-critical information. Be very clear about your corporate policy.
  • Create a written BYOD policy: Make it a part of your employee manual. Make sure all rules and regulations are spelled out, as well as the consequences of breaking them.
  • Make sure you can remotely delete sensitive business data: You need to be able to do this without the device owner’s permission. This gives you control over your company data should an employee suddenly quit or if a device is lost or stolen.
  • Discuss employee privacy: Employees often use their devices to check personal email, post to Facebook and store personal documents, photos, and music. You must make sure they understand that you still have access to the content stored on these devices. You should also discuss the location-tracking capabilities of these devices, which can give employers the ability to locate employees, since many people don’t like that kind of oversight of their movements.

A Balancing Act

BYOD is a terrific way to give your employees the flexibility to use the devices they prefer to do their work. But only you can decide whether to allow personal devices to be used in the office, and weighing pros and cons is a good place to start.

Start thinking about creating some guidelines today – and stay tuned. The problems and benefits of BYOD are likely to evolve as mobile technology marches forward.