Getting Onboard with BYOD Security: Part 1 Why BYOD Works

BYOD is a growing trend, here’s why it works for business

Bring Your Own Device (BYOD) programs are a growing trend in the workplace. A recent study by Evernote revealed 72% of employees already use a personal device at work and from a Syntonic study, 87% of companies expect employees to use a personal device for work at least some of the time. But employees using personal devices at work is a double-edged sword:

  • The safe side of the sword is that BYOD programs save money and increase productivity.
  • The sharp side of the sword is that using personal devices for work poses a real security risk to the company.

The good news is that mitigating those risks, while still reaping the benefits of BYOD, is easy. In this first post in a two-post series, we’re going to cover the whys of BYOD, in a follow-up post we’ll dig into how to get started with BYOD at your company. Understanding why BYOD is increasingly essential for businesses is key to implementing a successful BYOD security program at your company.

1. Can BYOD security save money?

According to a 2013 study by Cisco, employers can save as much as $3000 per employee per year by implementing BYOD. When employees bring their own devices and use them for work, those are devices you don’t have to purchase, manage, maintain, or replace.

You don’t need to worry about company mobile plans, getting new phones for employees, or dealing with policing how much data people use on their company phone. From the above-linked Syntonic survey, 69% of companies offer a stipend for using a personal device at work or help subsidize buying a device, others let employees use the work use as a tax deduction.

Regardless of how it works out in the end, the bottom line is BYOD saves money and starts delivering real ROI quickly. You save money as a result of not having to invest in company devices for employees, and you maximize your profits from the increased productivity as a result of happier, more productive employees.

2. Does BYOD makes employees more productive and happy?

If you already have a device you love and are familiar with using, why would you want to switch devices for work? People are more productive using technology and tools they are familiar with. With SaaS, cloud, and app-based tools throughout the enterprise, there is less of a need to standardize around a single computer, smartphone, or operating system. It makes sense to allow people to use their own devices at work.

Several studies say employees feel they are more productive when they have familiar technologies at work. But does this perception stand up to reality? In fact, it does. According to a study done by Frost & Sullivan for Samsung, employees gain nearly an hour when using their own device which adds up to a 34% increase in productivity.

Measures of employee satisfaction are harder to pin down, but several studies and discussions of BYOD all cite employee satisfaction as a key part of bringing in BYOD. One study showed BYOD increased employee retention 87%. Happier and more productive employees is great, but the clincher might just be that with or without you—employees are going to use their own devices at work and you need to get a handle on it.

3. Your employees are already doing it

Getting Onboard with BYOD Security: Part 1 Why BYOD Works 1

From Evernote to Gartner, surveys found 30-50% of employees already use personal devices at work—which makes sense given many employers encourage or require people to use their devices even without an official BYOD policy. Employees bringing in new devices into work is how BYOD got a foothold in the first place, but as all the studies linked here say, security is the number one reason companies are hesitant to start offering BYOD and on the flip side getting a handle on security is often why companies start BYOD programs.

Allowing something just because everyone is already doing it—even if people are happier and more productive—isn’t a great reason to start a BYOD program. If for no other reason, you should get a handle on BYOD for security’s sake before something happens. If you embark on a policy to accommodate BYOD, protecting your company network, data, and systems from hackers, malware, and viruses is critical.

Small to mid-sized enterprises are a massive target for hackers. There are more SMEs than any other kind of business and often SMEs don’t have budget or staff for IT security. Uncontrolled BYOD presents a risk to companies. Personal devices are already in your company and on your network, so mitigate the risk. The good news is getting a handle on BYOD and mitigating the risk is easy and cost-effective. Which is the final reason why you should embrace a BYOD program —getting started is the easiest part of the process.

4. Can BYOD security be easier with an MDM?

It’s easy to start offering secure options for BYOD at your company. In the next post we’ll get into the details, but here are the four steps you need to get up and running:

  • Set a BYOD security policy
  • Communicate employee expectations on the use of personal devices at work
  • Tell employees why you’re doing it and how it will help them do their jobs better (education)
  • Set up a mobile device management (MDM) system

BYOD policies let people know what is allowed (which phones, which operating systems , which apps), what everyone’s responsibilities are, and how BYOD will work at  your company. Expectations are both what the ground rules are for using personal apps at work and how to balance work with life outside the office. It’s very, very easy to check in with work on your phone outside of normal work hours so it’s important to set these expectations early on. It’s even easier to mistakenly send something private to everyone at the office…

Education is an essential part of a successful BYOD program. People need to be fully aware of the risks to a company if BYOD isn’t managed. No one wants to be the person who downloads an app that takes down an entire company. Helping employees understand about computer security and their role in preventing hacks makes getting people onboard much easier.

The final part of starting BYOD at your company is a mobile device management (MDM) system. An MDM is made up of two parts: secure apps that reside on the employee’s phones and an administration tool (usually web-based). The apps let employees securely connect to your network, email, and files. The administration tool lets you set policies for what people can do with company data on their phones. It’s important to let people know using an MDM protects their personal data as much as the work data. Workplace apps ensures that personal data doesn’t leak into company container (like accidentally emailing a client using your personal email address) and vice versa.

Up next: Advice on starting your own BYOD security program

In part two of our BYOD series we’ll dive into this last point—it’s easy to do BYOD security at your company—in more detail. We’ll cover creating your BYOD policies, setting expectations, security education, and how to choose the MDM that’s right for you. BYOD has taken off in the past 10 years and that makes it easy to learn from the companies that have done it already and see how to tailor a program that’s right for you.