back to blog

Bring-Your-Own-Device Wars: IT Versus HR

Pam is loyal to her personal BlackBerry. John insists on using his own iPad during presentations.  Anne maintains her own laptop holds the secret to her productivity. The era of bring-your-own-device (BYOD) to work is certainly here. In fact, Gartner predicts that by 2017, more than half of companies worldwide will require employees to supply their own devices on the job.  We asked colleagues from two important sides of the BYOD debate — HR and IT — to weigh in with advice on how to make BYOD work for everyone.

Tech Concern: Maintaining Security

In a Cisco partners’ survey released this year, 90 percent of U.S. employees surveyed used their personal smartphones for their jobs within the past year, yet only 46 percent believe their employers are prepared for any issues that could arise from BYOD. The survey paints a grimly accurate profile: The average office employee uses a personal device (like a smartphone) to access work email at least once a day, regularly using unsecured WiFi networks. Nearly 40 percent of these employees do not password protect their phones. And 86 percent report that employers do not have the ability to remotely wipe a device’s data if it is lost or stolen.

“BYOD is such a departure from the conventional policy of company-provided technology, with its tight controls and strict lockdown of company data and assets,” says Steve Waller, president of Technigogo Technology Services in Austin, TX. “The main challenge for IT with any company size is security versus availability of the data. This is always a balancing act. Big business policies tend to slant more towards security, which comes at the expense of convenience and availability. Small business policies tend to slant more towards availability, which comes at the expense of security. It is this policy slant that makes BYOD so dangerous.”

These behaviors create an unstable environment ripe for malware, viruses and data thieves. Waller points out that most security risks by employees are caused inadvertently, (meaning, they didn’t mean to cause it).

“To achieve an acceptable level of security for your confidential company data, you have to work the security from the only end you have control of—the server or source end,” he explains. “There are a number of ways to achieve this [security] with common tools and technologies, or any of the increasingly available new products targeted at this growing trend.”

Waller explains the proliferation of broadband and mobile broadband makes these solutions possible. With a constant connection, for instance, Waller explains that a small business can serve a remote desktop to an employee’s own device with similar controls and security as a controlled non-BYOD environment.

HR Concern: Balancing Company Privacy & Legal Issues

Human resource professionals are also deeply concerned about BYOD security, namely in protecting intellectual property and trade secrets while respecting employee privacy. According to Laurie Howell, Principal of Austin HR, LLC, once a company relinquishes the control that ownership gives them over employee devices, that company effectively loses control over its ability to protect sensitive data and avoid resulting litigation.

“Unless companies are willing to train employees on the legal issues relating to discovery, international labor law and other hot topics in the law, BYOD opens the door to a whole new level of risk when it comes to litigation,” she explains. “It vastly multiplies the cost of e-discovery and the chances that despoliation (or stealing data) will occur.”

Howell recommends considering a set of agreements with employees to protect the company’s ability to retrieve their own information, remotely wipe data and protect themselves from lawsuits engendered by employee use of personal devices.

“Unless companies get these additional agreements and pay for some of the expense of the devices, they will have trouble saying that employees have no expectations of privacy on such devices,” she adds. “The legal fact is that employees DO have an expectation of privacy on their own devices.”

Create a BYOD Policy

If you haven’t gotten ahead of the BYOD trend with a company policy yet, now is the time agree Waller and Howell.  GLOBO reports that while 68 percent of employees use personal devices for work, less than one-third of their employers are communicating BYOD policies to them.

Waller states that while it’s not a substitute for in-place IT infrastructure and systems designed to protect your data, every company should have a written policy in regards to the security and confidentiality of company data.

“The written policy is to make sure the employee knows what to expect when mobile devices get lost or when they quit or are terminated,” he explains. “You may also need an enforceable contract to insure you can secure your company data if the user is no longer cooperative.”

“Go into a BYOD environment with eyes wide open and obtain legal guidance from counsel with experience in this particular realm who can outline risks associated with your company’s specific needs and wishes,” adds Howell.

Have you experienced BYOD security and privacy issues in your organization? What advice do you have when it comes to exploring the new BYOD frontier? Share with us right here!


Image credit: basketman23 / 123RF Stock Photo