Syntronic reports 87% of companies rely on their employees personal devices to access business apps. They adopt a bring-your-own-device (BYOD) policy since employees already rely on their own smartphones, laptops, and tablets and it can lower business expenses and increase productivity.
However, allowing employees to use their own devices also comes with many risks. Here’s what you need to consider.
Employees may not be comfortable with allowing their employer access to personal data. This is particularly worrisome, since a company may “wipe” business data from a worker’s device when they leave the company’s employment. They could lose photographs, videos, and even sensitive health and financial data.
Employer Cyber Risk
Employees may not protect their devices as well as they should. They may skip passwords and screen locks, or create weak passwords – leaving them vulnerable. If they lose the device or it is stolen others could access company data.
Additionally, employees may access company systems via unsecured Wi-Fi hotspots, neglect updates, or share their devices with friends and family which increases the risk of data loss or unauthorized disclosure.
Since employees use these devices for their personal activities, they could also text, post, or call others and create problems for the company. Whether intentionally malicious or not, this could lead to a defamation or harassment lawsuit if it damages a person’s or business’ reputation or leads to financial loss. It may also be difficult to retrieve pertinent documents if a lawsuit ensues.
Additionally, when an employer asks non-exempt employees to use their personal devices for work they may also leave themselves exposed to claims under the Fair Labor Standards Act. If they’re engaged in activities outside their scheduled work hours they may be entitled to additional wages or overtime.
Some companies pay a stipend to the employee when they use their own device. However, that isn’t the only consideration. Employers may pay dearly for mobile device data and voice plans for lost or stolen mobile devices, or when usage exceeds business limits.
BYOD Policy Essential
Employers need a comprehensive BYOD policy which considers employee and employer rights and responsibilities.
A good BYOD policy typically includes the following:
- Mobile device management technology – all devices must include a virtual partition that separates work data from personal data.
- Limit supported devices – to ensure safe access to work data.
- Right to data & access – include when and how an employer can access, monitor, or delete information.
- Personal information – describe how the company protects personal information and under what circumstances it may be saved, such as backups.
- Data wipe – describe the timeline for notifying employees if the company will wipe data from their device and the review process.
- Data protection – require all employees use strong passwords and automatic locking after inactivity. Also mandate consistency for antivirus software.
- Point of contact – designate a person to handle questions about the BYOD policy and implementation.
Always review your policy with your IT department, insurer, and legal counsel and review it regularly to ensure it reflects current policies and procedures.
If your business needs to track BYOD expenses or needs a reliable payroll provider, Charlotte Payroll can help. We cater to small to medium-sized business in the Greater Charlotte area. We offer a free consultation, so contact us so we can show you what we can do from you.