As mobile devices continue to evolve become more critical to business success, many business owners are forced to answer this question. Do you allow employees to “Bring Your Own Device” or BYOD to work or do you provide “Corporate Owned, Personally Enabled” devices?
What are the risks with B.Y.O.D.? Here are 3 major risks for you to consider:
- An employee’s device that connects to your network could be a conduit for viruses, hackers, and thieves.
- If a device is lost or stolen, important corporate data could be compromised and you may have a legal duty to disclose the situation to your clients or vendors.
- If an employee leaves the company for any reason, they may be able to take company data and assets such as software with them.
So, what should a business owner do? As Colin Page, Esq, shared with our clients in May Lunch’n’Learn, in all cases, the employer owns the corporate data. However, if you are permitting employees to B.Y.O.D., it’s critical to have policies in place that cover the following:
- Clearly state that the information does not belong to the employee
- Establish guidelines on which apps the employee can or can’t use to access company data and specifically what data they can access
- Ensure that security updates are being installed on the devices and whose responsibility it is to ensure they done
- Configuring their devices for remote wipe in the event of loss
- Clearly define what happens in the event an employee leaves or is terminated including data and software ownership that may be on their device
We strongly recommend you consult with your attorney to ensure that you are complying with all state and federal laws in this area. Struggling with how to control BYOD devices in your business, give us a call. We’d be happy to consult with you and figure out the right direction for your business.