One of the projects I recently worked on was preparing a Bring Your Own Device (BYOD) policy for a financial institution. Having written the policy for AIIM, and other organizations over the years, it was a straightforward task. The real challenge was determining the right balance between convenience for employees and security for the organization.
Organizations are more and more willing to allow people to use their own devices, even though 30-35% of BYOD is invisible to an organization. The question is, “What are those organizations giving up?” What can organizations do so the restrictions placed on devices doesn’t make the employee feel like the device is no longer their personal device?
What Are You Offering?
The first question to ask, what is your organization offering people? If it is just email access, there is not a lot of incentive for people to allow the organization to do anything to their device.
Are you providing them with mobile access to common business applications like expense reporting? Time tracking? Communications tools like conferencing and instant messaging?
These are all valuable tools that most employees can make use of regularly on their mobile device. As you move to specific roles, there are even more uses. For instance, electronic signature applications are also useful for managers and executives.
You do have a policy allowing electronic signatures don’t you?
If the applications do not work, are you willing to help users diagnose problems on their device? If you don’t, how do you know that the help they do find will protect your information and teach your people to use the applications correctly?
What Are You Asking?
In return for making people’s lives easier, what are you asking? Are you requiring the installation of a Mobile Device Management (MDM) on their phone? Are you restricting business usage to specific applications or leaving the choice open to the employee?
The more control that the organization requires, the more benefit people need to gain before they decide to simply opt-out of the policy.
I have seen people so oppressed by mobile policies that they got a new phone for personal use, even though the other device was, in theory, their personal device. As they lived on the road, they had no choice. They HAD to have that mobile productivity but they could no longer effectively depend on the device for their personal needs.
Striking the Balance
There has to be a balance. Striking the proper balance the first time is challenging. The trick is to work with people at all levels of the organization to:
- Ask what tasks would they like be able to perform on their devices
- Educate them on the risks of having the organization’s information on the devices
- Determine what level of control people are willing to give-up for more mobile capabilities
While staff will always want less control than is needed, this approach allows them to understand the ‘why’ behind the requirements. When this balance is properly struck, both sides benefit.
If that balance isn’t found, people will find a way to use their own devices on their own terms. They are doing it now.
After all, there is an app for that.