Tactical Advice

Strategic BYOD Best Practices to Help Minimize Risks

Rules for employee-owned devices should be put in place before opening the floodgates.
Strategic BYOD Practice Tips to Help Minimize Risks
Credit: iStockphoto/ThinkStockPhotos

In today's business world, a can-do approach yields a seat at the table; a naysayer approach gets you cut out of the process.

People are constantly connected: to their office, to their families and to their social networks. Their desire to do and have it all is perhaps outpaced only by expectations of others that they be accessible and responsive to a greater degree than ever before.

While some organizations issue company-owned devices, many are allowing their employees to use their own devices to conduct business, which is known as the bring-your-own-device trend (BYOD).

How big is BYOD? A 2012 Aberdeen survey found that 80 percent of respondent organizations now allow employee-owned devices to be used for work. In 2008, that number was 10 percent.

But the potential legal risks associated with BYOD, including privacy and electronic discovery concerns, are giving some companies reason to pause.

If your company seeks to explore BYOD, grab a seat at the table and consider the following tips for implementing workable BYOD practices.

Assemble the Right Team

Before diving in to the technology, it’s critical to think ahead, plan for business realities and implement up front information governance practices. That means assembling the right team to assess and manage risks, including representatives from IT, human resources, records and information management and legal. Integration across all departments is the key to any BYOD policy’s success.

Mitigate the Legal Risks of BYOD

Identify and mitigate the risks associated with the company allowing employee-owned devices to be used for work early and implement safeguards so risks don't dwarf the opportunities.

Potential legal risks to look out for include:

  • Privacy: commingling personal and company information
  • Discoverability of information: potential for company responsibilities in litigation
  • Tax implications: depending on how reimbursement is structured

BYOD User Guidelines and Training

Much of BYOD is focused on the device, but an important vulnerability to consider in implementing any BYOD program is the user. Tips to help mitigate potential legal risks include: write and implement specific user guidelines, train employees and implement device registration measures that require participating employees to accept and agree to the guideline terms.

Key user guideline considerations include:

  • Scope. Define eligibility to participate, devices covered and company applications approved for business use (e.g., contacts, calendar, email).

  • Device registration. Describe what mobile device management software or security measures will be installed on the device, outline the registration and agreement process and state whether password protection, auto-lock and/or auto or remote wipe could occur.

  • Company expectations. Communicate what happens (on employee side and company side) when a device is no longer within the employee's control (e.g., lost, stolen, sent in for repair, replaced, disposed of), address technical support and any application use restrictions, identify other company policies that may apply and define how email attachments and business notes should be handled.

  • Privacy. Educate employees that using their personal device for business purposes could place their personal information at risk; describe what may happen to personal information if certain circumstances occur and what types of monitoring or location-tracking may be in place.

  • Costs. Define whether and what costs will be reimbursed; understand up front any potential tax implications of reimbursements versus stipends.

BYOD Information Governance

Access to company information on employee-owned devices must integrate with broader corporate information governance and litigation readiness strategies.

Keep these things in mind when crafting your organization’s BYOD policy:

  • Avoid storing unique business information on personal devices, to the extent possible. Any business information from the device should also be stored on centralized company systems.
  • Assess preservation and litigation hold efforts that may be needed. Evaluate company needs and develop measures to extend these practices to BYOD.
  • Determine collection practices up front. Identify what practices need to be implemented to collect information from personal devices, if necessary.

The flexibility and freedom that come with BYOD make the trend an attractive one for businesses, but without the proper policies and practices in place, things can veer off track. Consider the tips that have been outlined and help ensure that company data remains in the right hands.

Sign up for our e-newsletter

About the Author

John D. Martin

John D. Martin is a partner at Nelson Mullins Riley & Scarborough LLP. His practice focuses on business litigation, electronic discovery, and information management.

Renee S. Dankner

Renee S. Dankner is of counsel to Nelson Mullins Riley & Scarborough LLP. Her areas of focus include electronic information management and governance, e-discovery and business intelligence.

Security

Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
Tools to Maintain Mobile Sec... |
Far-flung devices pose serious challenges, but a variety of technologies can help protect...

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...
The Value of Converged Infra... |
Improvements in security, management and efficiency are just a few of the benefits CI can...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Hardware & Software

Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
The Tools That Power Busines... |
Ever-evolving analytic software can greatly improve financial institutions’ decision-...
XP-iration Date: Today Is th... |
It’s officially lights out for Windows XP as an operating system. Here’s how the world is...