BYOD: What is Bring Your Own Device?
Find out what BYOD is, the risks, and tips to manage a BYOD environment.
Read time: 4 minutes
BYOD, short for Bring Your Own Device, is a business practice that is not likely going away, especially with the increase in remote and hybrid workers. But that doesn’t mean businesses cannot and should not have some control over how employees use personal devices to do their jobs.
The practice of BYOD presents certain challenges to organizations. To understand the scope of the challenges – and ways to address and overcome them – we need to look closely at BYOD. In this article, we will:
Review the risks and liabilities of BYOD
Offer some tips on how to effectively manage a BYOD environment
What is BYOD?
BYOD is the policy of allowing staff to use their personal mobile phones, laptops, and tablets for work purposes, such as connecting to the corporate IT infrastructure.
Businesses like BYOD because it saves the expense of providing every employee with a dedicated smartphone and monthly cell service contract. It increases workforce mobility while reducing the IT burden of managing more company-owned devices.
Employees like BYOD because it allows them to be more productive and efficient by using a familiar device of their choice. They can access data from anywhere, supporting field-based, hybrid, or work-from-home initiatives, and they only carry one device for all communication needs, business and personal.
What is a BYOD environment?
It’s one thing to allow or even encourage employees to use personal devices on the job, but hundreds or thousands of employees using all kinds of mobile devices from different manufacturers running various operating system versions creates a BYOD mess, not a BYOD environment.
A BYOD environment is one in which the IT department:
Implements specific rules for which types of personal devices, operating systems, and applications are approved for use on the company network.
Establishes best practices for, and organizational rights over, information passed through personal devices for business purposes.
Outlines employee responsibilities, reimbursement policies, and sets endpoint security standards.
The goal is to reduce incompatibilities and related support issues, enhance collaboration and information sharing among employees, and minimize security risks to the corporate IT environment.
Some organizations have switched to a new model – CYOD or Choose Your Own Device. With CYOD, the company presents a short list of pre-approved smart devices or platforms that employees can use to execute business transactions.
This doesn’t solve the problem, but standardizing on the Android or iOS operating system, for example, narrows an IT department’s support focus and the types of security issues they need to prepare for.
Other enterprises have turned to something called mobile device management, or MDM. Several on-premises or cloud-based software solutions are available that monitor mobile data traffic and allow corporate IT to remotely configure, manage, and even erase mobile devices connected to the network in the event of a breach or a lost device.
What are the risks and liabilities of BYOD?
The primary concern regarding BYOD is network and data security, specifically concerning how users can unwittingly create vulnerabilities to cyberattacks and breaches. How does BYOD introduce these risks?
BYOD increases the network attack surface. Every unsecured endpoint device is a potential entry point for malware into a central IT environment. A simple phishing email to one unsuspecting employee is all it takes to result in a massive breach.
Compliance leaks. Employees can do what they want with their own property. Patient or financial data can be exported from mobile devices, creating compliance risks even when the central IT infrastructure is secured.
Lost or stolen devices. Employees take their smartphones everywhere, increasing the chances a missing device holding unsecured company data could put the business at financial or legal risk.
Use of unapproved applications. Employees may download and use applications for businesses purposes that are not managed by IT, commonly called “shadow IT.”
What is a BYOD allowance?
A BYOD allowance, or mobile device allowance, is a monthly stipend an employer will compensate workers for using their own mobile devices on the job. Usually ranging from $30 to $50 per month, it is intended to cover any business-related expenses of an employee’s service plan. It is less costly to the company than purchasing devices and footing the entire monthly bill and can be listed as an operating expense (OpEx).
How to manage a BYOD environment?
BYOD environments come in all shapes and sizes.
A startup lacking the resources to purchase hardware asks its employees to use their personal devices for business use.
A university with thousands of students, faculty, and staff all bring their own devices to campus to connect to printers and virtual classrooms.
An insurance carrier allows its claim adjusters to submit reports using their laptops from the field.
A real estate brokerage firm allows its agents to use their own smartphones to communicate with clients and access the multiple listing service (MLS).
And these only represent a few examples of BYOD environments.
Monitoring and and managing populations of BYOD users and devices is a challenge, if for nothing else than the sheer variety of devices. Here are some ideas to simplify the management of your BYOD environment:
Begin with a BYOD policy. Establish rules for the types of approved devices and applications, corporate versus personal email privacy rights, password requirements, and actions to take in the event of a lost or stolen device.
Educate employees. Teach users to look for suspicious phishing emails and how to create strong passwords. Install an anti-spam solution to screen for malware emails.
Limit software applications. Monitor which apps can be run on BYOD and point users toward driver-less mobile printing solutions.
Use trusted cloud service providers. Engage a managed service provider (MSP) that offers security policies and managed security services covering BYOD in addition to fixed computing assets.
Deploy endpoint protection solutions. Install endpoint protection software on every BYOD to detect and alert users to the latest malware threats, even if the device is not connected to the network.
Separate business from personal networks. Restrict personal devices to a guest network separate from mission-critical servers and workstations. Authorize only the lowest level of network access privileges to BYOD users.
Large enterprises should employ Mobile Device Management (MDM) software to monitor all BYOD. Remotely monitor entire populations of electronic devices with the ability to push configuration updates, wipe or reset devices to factory settings if lost or stolen, and detect malware threats. Some MDM solutions separate, or containerize, personal information from business apps and data to enhance security.
The simple fact is BYOD is here to stay, despite the rise of cybercrime and the various security and compliance risks inherent in using personal devices for business communications.
The good news is that companies can still support BYOD initiatives and allow their employees to conduct business using their personal devices with the right safeguards in place.
Recommended for you
5 steps to improve your organization's information management
A well-defined information management process makes organizations competitive and drives them forward. See how Ricoh is helping companies manage information.
8 benefits of managed cloud services
Discover the 8 benefits that lead companies to choose managed cloud services to meet their cloud computing and cloud hosting needs.
AMETEK ESP outsources customer service to Ricoh
See how Ricoh cost effectively boosted customer service by managing AMETEK ESP's call center, tech support and warranty product fulfillment.