Does Every Company Need a BYOD Policy?March 31, 2015 - By: WorkSmart
With the rise of mobile device technology in the HR industry, many businesses are left wondering if they should have policies in place to protect themselves and their employees. Our HR Director, Jason Carney, chimed in on an HR Matters article explaining the ins and outs of BYOD policies.
This article was originally seen here, but you can read more of Jason’s insight below!
Does Every Company Need a BYOD Policy?
There has been a lot of talk about bring your own device (BYOD) policies in HR literature lately, and with good reason. Mobile device technology has become an integral part of the world of work, and it’s not really feasible to believe that polices developed years ago are still applicable in light of the ever-increasing pervasiveness of mobile devices in both professional and personal lives.
Yes – At Some Level
According to Jason Carney, HR Director for WorkSmart System, every organization needs “some level of a BYOD policy.” Even if your company doesn’t specifically allow or require employees to use personal devices for work purposes, it’s a fact that they likely have their own mobile devices and may take it upon themselves to use them for work simply for convenience, without stopping to think that there is a high potential for risk. Depending on your organization, this might or might not be fine – but it’s something that should certainly should be addressed in a company policy.
Carney points out that establishing a BYOD policy is particularly critical for businesses functioning in a highly regulated environment, such as those that must concern themselves with Health Information Portability and Accountability Act (HIPAA) or Sarbanes-Oxley (SOX) compliance. This is also true for organizations that have access to personal information and private data; Carney lists social services organizations as an example. Human resource management professionals also work with sensitive information about their company’s employees.
Even organizations that are not highly regulated or that don’t deal with sensitive data are still well-served by implementing a policy that addresses the use of employee-owned devices for work purposes, as this practice definitely increases security risks for the company. Carney clarifies, “For those organizations that don’t fall into one of these categories, the biggest concern will likely be the protection of proprietary corporate data.”
Modernize Your Electronic Communication Policy
Carney acknowledges that most businesses do have a policy that addresses electronic communication, but points out that “most are outdated and almost all specifically address company-owned equipment.” Modern organizations are well-served by implementing specific BYOD protocols and policies that take into account challenges and concerns specific to the organization and industry. There are a number of important factors that you need to consider before finalizing your policy, including ensuring that it reflects best practices.