Considerations of Bring-Your-Own-Device (BYOD) Policies for Work from Home Employees

Prior to COVID, bring-your-own-device (BYOD) policies were mostly geared to mobile devices like smartphones when employees were on call or answered emails on the go. Since the work environment was more likely to be in an office environment, computer devices were left on the premises.

Source: Unsplash

The drastic shift to remote workers around the globe have accelerated the need for organizations and IT teams to implement more comprehensive BYOD policies to protect their data and trade secrets from the increasing amount of data threats and hacks that occur on a daily basis.

A BYOD policy is essentially allowing an employee to use their own device for work, like a laptop and/or mobile phone. Rather than the business supplying them with devices, they could use whatever devices they have.

In general, companies that follow BYOD policies require employees to install rather cumbersome, but mandatory, mobile device management (MDM) or mobile application management (MAM) tools on their devices to ensure safe control over company assets and data.

In this article, we’ll go through some pros and cons of adopting a BYOD policy and then a primer on using MDM solutions.

The Pros of Implementing BYOD Policies

Massive Cost Savings

Usually, the main key reason companies choose to have BYOD policies is on the large savings on the companies’ balance sheets due to outsourcing the work of purchasing and replacing of devices on the employees instead of IT teams.

Most people think laptops are usually the highest expense – which is true in nearly every case. A modern laptop geared for work from home or remote employees can cost anywhere from $1000 to $2000. The total cost is much higher when you consider other items such as:

  • Headsets, monitors, keyboards, mouse, shipping costs, replacement costs, return costs when employees leave the organization.

These costs can add up over time and balloon IT procurement expenses into unreasonable numbers.

Less IT Responsibilities

With most companies now having a majority, or portion of, their workforce remote or working from home, IT teams now more than ever are overloaded with tasks and tickets from every single team.

By having a BYOD policy, IT teams can unload and relieve themselves of most of the work needed with procurement and storage of work devices as it is pushed onto the employee.

This allows for the company to save on hiring additional IT support or allow for IT teams to better manage the influx of requests any IT team faces in an organization.

One often overlooked benefit is the training IT teams prepare for new employees on their equipment. Now that training is not needed since employees are familiar with their own personal devices, IT teams can avoid setting up meetings and spending time on training sessions.

Increased Employee Productivity

Employee productivity here is in reference to employees having their preferred equipment, thereby increasing morale and they are likely to already know the ins and outs of their devices.

If employees have choices of what equipment to use, they are likely to be more efficient from day 1 of hire and focus less time on learning the technology and more time on their required duties and tasks.

The hybrid approaches many companies have adopted is providing employees a stipend to purchase their own equipment, with recommendations by the company. This provides two benefits. First, companies allow employees the flexibility to choose what equipment they want with the second being the company can control a small number of devices employees may choose from.

Work from home stipends usually extend beyond just typical laptops but also allow companies to advertise other employee benefits like choosing ergonomically optimized chairs and desks.

Employees Will Most Likely Have Up-to-Date Equipment

As these are personal equipment and devices, employees are more inclined to keep their equipment up to date and of working condition – they have a financial stake at hand, unlike company-provided equipment where they know it will be freely replaced.

As employees constantly update their devices, you’ll less likely run into outdated equipment – a huge expense for IT teams in general as technology is always changing and the depreciation of equipment.

For companies considering a hybrid variant of BYOD, consider providing employees a list of certified laptops suited for working from home that they can choose from and then allow them to expense the purchase.

This flexible strategy comes with two bonuses: employees are allowed to purchase new equipment, a huge perk, but allows the IT teams to limit the number of unique devices to a few making it much easier for IT teams to manage them.

The Cons of Implementing BYOD Policies

Some Employees Don’t Simply Have Their Own Devices

Every employee has their own unique financial situation, and some may simply not be able to afford new equipment. In many cases, new potential employees automatically assume companies will provide the equipment they need.

Why do they need to purchase thousands of dollars of equipment to work for a company?

As a result, having a BYOD policy may alienate potential recruitment opportunities. Companies should consider a hybrid approach where they can provide equipment on a case-by-case basis.

Corporate Data Risk and Increased Cybercrimes

The largest reason for avoiding BYOD is the massive risk of theft of intellectual property and information. When it comes to IT security, you are only as strong as your weakest link. By providing employees the ability to use their own device, they may intertwine personal and work-related applications and software.

Employees may have a high risk of clicking on phishing links or downloading malware that leads to dangerous actors easily obtaining company documents and other data.

For this reason alone, many companies preferably avoid BYOD and consider installing aggressive MDM software which employees do not enjoy due to the control it has over their own personal devices.

Employees Being Non-Compliant

On employees’ own devices, there is a mesh of both personal and professional-related applications and other software. Due to this, employees could easily get distracted or are more than willing to “bend the rules” and conduct personal activities when they are not allowed on their devices.

Companies may have less of an ability to control this while on personal devices, even with the installation of MDM software. Applications like popular social media apps could easily distract and reduce employee productivity if they are more focused on personal distractions rather than professional work.

Poor Personal Password Usage

While MDM tools may enforce specific passwords on accounts directly linked to company accounts, employees may still reuse their passwords on the actual login to their devices that they use for other accounts.

This allows for data to be easily compromised if employees do not follow best password practices.

In addition, since there is a mesh of both personal and work on a single device, employees may simply create a new password for their work accounts, then copy them over to their personal accounts for memorization and usability. This presents a huge risk for any organization.

Primer: How to Use your BYOD Policies to Best Implement MDM Solutions

Depending on which MDM software your company chooses at the end of the day, here are some great tips you should immediately implement for any employee on their devices:

  1. Restricting Certain Websites: certain websites may be phishing sites or malicious links. This provides an additional layer of security.
  2. Enforce Password Policies: the general population is likely to reuse passwords. Enforce stricter password rules for extra safety.
  3. Two-Factor Authentication: 2FA is an industry standard now and is expected with nearly any organization. While simple, it goes a long way preventing the easiest data leaks.
  4. Data Encryption: with MDM software, this is very easy to setup and makes it much more difficult for bad actors to get into critical company data.
  5. Device Lockdown, Blocking or Wiping: in the worst-case scenario the device becomes compromised, IT teams can immediately lock down the device and remove all sensitive data.
  6. Contain Work and Personal Profiles into Different Accounts: A huge issue mentioned multiple times prior is the mesh of personal and work profiles. With MDM software, you can create different profiles to ensure IT teams have better safeguards against unwanted intrusions.

Conclusion

With the advent of the pandemic, companies have been forced to choose how they wanted to implement their own BYOD policies. We’ve gone over several reasons on the good and the bad of having BYOD policies.

Each organization is unique, so it is good to brainstorm what works best for your organization. In the event either option is too extreme, many companies have implemented a hybrid approach where they take several aspects of BYOD into their own IT equipment policies.

The most common being installing Open Source MDM software into every device but having complete freedom of choosing a device, whether provided by the company or brought by the employee.