Home Cyber Talk Glossary What is BYOD?

What is BYOD?

 

This acronym stands for “Bring Your Own Device,” and refers to the phenomenon of employees bringing personal technology to work, for work purposes.

What has the evolution of BYOD looked like?

Twenty years ago, C-levels began using Blackberries, or similar early-stage phones, for work purposes, both at work, and elsewhere. As the convenience of checking email on a personal phone became obvious, and smartphones grew more ubiquitous, other employees began to follow suit. These days, it’s nearly impossible to stand in the way of the working-from-a-phone trend, so many employers have accommodated or embraced it.

What are the stats around BYOD?

  • By 2022, the BYOD market is projected to reach nearly $367 billion, up from $30 billion, in 2016.
  • Among Gen Y employees, over 60% believe that their personal devices are more effective, and allow for greater productivity, than those available through their places of employment.
  • The use of employee-owned devices saves employees 58 minutes per day, while increasing productivity by 34%.
  • Sixty-seven percent of companies have endorsed BYOD, while 33% remain hesitant to accept it.

What are the benefits of BYOD for employers?

  • Believed to improve employee morale
  • Believed to improve productivity
  • Possible cost-savings
  • Potentially more efficient communication

   What are the disadvantages of BYOD for employers?

  •  Devices must be secured in a way that’s on-par with other devices in the ecosystem
  • Cyber security risks
  • Expanded attack surface
  • Malware and viruses
  • Malicious insiders could download corporate data, leave the company and then weaponize the information
  • Accessing unsecured wi-fi connections
  • Potential loss of company privacy
  • More complex IT support due to diverse devices and operating systems
  • In litigation situations
    • Enforcing legal hold
    • Legal discovery

What are the benefits of BYOD for employees?

  • Convenience. Can carry one phone, not two (personal and company-owned)
  • Can use device/s that they are familiar with
  • Potentially improved work-life balance
  • Potentially improved morale
  • Can empower workers to perform better (ex. customer service roles)

What are the disadvantages of BYOD for employees?

  • Some employees may not have devices
  • Potential loss of personal privacy and anxiety about personal privacy
    • Employees may worry that employers have access to their financial data, health data, personal photos…etc.
  • Removal of separation between work and personal life
  • Can lead to stress and burnout when employees feel that they are expected to use personal time for work

What are the legal implications of BYOD? 

If an employee’s device is lost or stolen and contains organizational data, the organization is responsible for any data loss or data leakage. In the modern era, employees often retain company credit card numbers within ride-sharing apps, or on-hand in case they need to make hotel reservations. Mobile Device Management (MDM) solutions can be integrated into devices in order to minimize risk, and to preserve the integrity of company cards.

Potential violations of the Fair Labor Standards Act (FLSA) may occur. According to the FLSA, non-exempt employees must be correctly compensated for all work activities completed outside of scheduled work hours.

State laws dictate whether or not organizations must compensate employees for use of personal devices on behalf of work. For example, California Labor Code Section 2802 places the onus of at least partial cost-coverage on employers.

Something to be aware of in this situation: If an employer covers an employee’s phone bill or other device-related costs, but then factors these costs into the wage-rate, bringing pay below minimum wage, employees are liable to file a class-action lawsuit over inadequate pay.

Should my organization establish a formal BYOD policy?

Organizations should consider their priorities and unique business needs, and determine whether a BYOD policy makes sense for their organization.

In the event that your organization chooses to move forward with a BYOD policy, key considerations include:

  • Which devices your IT team can support through a BYOD policy.
  • What type of data you expect/need employees to access through their devices.
  • Whether or not an employer has the legal right to access, monitor and/or delete data on an employee-owned device.
  • Whether or not to include GPS tracking on devices. If so, this is important information that needs to be clearly communicated to employees.
  • Whether or not you’ll use MDM solutions to partition data and to minimize risk.
  • How your organization will protect employees’ personal information from misuse.

And be sure to offer employees formal, written information about exactly how your policy operates. If people have questions or concerns, ensure that you can direct them to a knowledgeable individual who can investigate unique situations, and make decisions that align with company priorities.

BYOD raises many questions, such as:

  • How do you obtain visibility within a device, and gain control over it, when you don’t own it?
  • To whom does the information on an employee-owned device belong?
  • Are files that are viewed on the device also downloadable onto the device?
  • Can company data or files be wiped or deleted remotely, without harming the user’s personal apps, files or data?
  • What happens when an employee leaves the organization?

For more on this topic, be sure to regularly visit Cyber Talk.