Bring Your Own Device
This Growing Trend Can Make Employers Tipsy
By GREG PELLERIN
An airplane pilot wants to bring his own propeller to work. A fireman insists on bringing his hose from home. A student says, “to heck with the textbook the teacher wants me to read; I’ll find one I like better.”
These scenarios might appear to be somewhat preposterous, but what if the pilot, fireman, and student insist that their ‘stuff’ will allow them to work better, faster, and more effectively? What’s an airline executive, fire chief, or teacher to say in response?BYOD, short for ‘bring your own device,’ is the latest headache facing IT departments across the country and around the world. In increasing numbers, employees are insisting on bringing their laptop computers, tablets, and cell phones to work with them — security and compliance be damned. BYOD has employers scrambling to balance worker satisfaction, productivity, and the benefits of not having to pay for all this stuff, with the potential for sensitive data breaches, violations of privacy laws, and the need to have IT people well-versed in supporting the variety of end-user devices now being brought into the workplace.
BYOD even has its own Wikipedia page. “BYOD is making significant inroads in the business world, with about 75% of employees in high-growth markets such as Brazil and Russia and 44% in developed markets already using their own technology at work,” it reads. “In most cases, businesses simply can’t block the trend. Companies like Workspot believe that BYOD may help employees be more productive. Others say it increases employee morale and convenience by using their own devices and makes the company look like a flexible and attractive employer. Many feel that BYOD can even be a means to attract new hires, pointing to a survey that indicates 44% of job seekers view an organization more positively if it supports their device.”
One of the biggest challenges for BYOD is in the healthcare industry. The electronic health record (EHR) mandate set by the federal government has doctors and nurses expecting instant access to information. Oftentimes, that means using their own cell phones, laptops, or tablets, which comes with the risk of exposing sensitive data, in violation of HIPAA regulations.
According to Anders Lofgren, writing for Health Management Technology, “banning devices outright isn’t an option, as about 70% of IT specialists and physicians already use mobile devices to access electronic health records.” Lofgren suggests implementing a comprehensive BYOD policy as soon as possible. Here are some suggestions on what to include.
• Start by Defining BYOD. Mobile phones may be permitted, but iPhones, Android devices, and, heaven forbid, Blackberrys require different security protocols.
• Implement MDM. That stands for mobile device management, and basically means registering each and every device with your IT department. It’ll be up to IT to set security policies and determine how data will be accessed, stored, and used. They’ll also decide what apps will be allowed or banned, a potential major hurdle for any BYOD policy. MDM will also mean new, complex passwords, something employees generally dislike with a passion.
• Acceptable Use. Most companies have rules about corporate-issued mobile devices governing what an employee can and cannot do. That policy needs to be reassessed with BYOD, since personal devices can be used to access potentially offensive material using the company’s network connection. Do I hear First Amendment lawsuit?
• Termination. What happens when an employee leaves the company? You can’t take back his or her phone, but you must be able to remove e-mail access and other proprietary applications. When will this process occur, and how will it be enforced?
Embracing BYOD may be a necessity in keeping a 21st-century employee happy and productive, but, like BYOB, liability questions can arise if an accident occurs on the way home. n
Greg Pellerin is a 15-year veteran of the telecommunications and IT industries and a co-founder of VertitechIT, one of the fastest-growing business and healthcare IT networking and consulting firms in the U.S.; (413) 268-1605; [email protected]