UK: Start-Up Guide To Bring Your Own Device (BYOD)

Many employees now own personal mobile devices that can be used for business purposes. Businesses are receiving an increasing number of requests to allow employees to use these devices at work.

BYOD benefits

• BYOD can bring a number of benefits to businesses, including:
• Increased flexibility and efficiency in working practices.
• Improved employee morale and job satisfaction.
• A reduction in business costs.

BYOD risks

The boom in BYOD has been matched with an upsurge in cyber crime. The use of personal mobile devices for business purposes increases the risk of damage to a business's:

• IT resources and communications systems.
• Confidential and proprietary information.
• Corporate reputation.

Ownership of the device

Personal mobile devices are owned, maintained and supported by the user, rather than your business. This means you will have significantly less control over the device than you would normally have over a traditional corporately owned and provided device.

Securing data stored on the device

• You are responsible for protecting company data stored on personal mobile devices and should, therefore, implement security measures to prevent unauthorised or unlawful access to your business's systems or company data, for example:

- Requiring the use of a strong password to secure the device.
- Using encryption to store data on the device securely.
- Ensuring that access to the device is locked or data automatically deleted if an incorrect password is inputted too many times.
- You must ensure that its employees understand what type of data can be stored on a personal device and what type of data cannot.

Mobile Device Management

Mobile Device Management software allows a business to manage and configure remotely many aspects of personal mobile devices. Typical features include:

• Automatically locking the device after a period of inactivity.
• Executing a remote wipe of the device.
• Preventing the installation of unapproved apps.

Monitoring use of the device

• If you want to monitor employees' use of personal mobile devices, you must:

- make your reasons for monitoring clear; and
- explain the benefits the you expect will be delivered by monitoring (for example, preventing misuse of the device).

• You must ensure that monitoring technology remains proportionate.

Loss or theft of the device

• The biggest cause of data loss is still the physical loss of a personal mobile device.
• You must ensure that a process is in place for quickly and effectively revoking access to a device in the event that it is reported lost or stolen.
• You should consider registering devices with a remote locate and wipe facility to maintain confidentiality of the data in the event of a loss or theft.

Transferring data

• BYOD arrangements generally involve the transfer of data between the personal mobile device and the business' systems. This process can present risks. Data should be transferred via an encrypted channel which offers the maximum protection.
• Employees should be encouraged to avoid using public cloud-based sharing platforms which have not been fully assessed.
• You should consider providing guidance to employees on how to assess the security of wi-fi networks (such as those in hotels or cafes).

Departing employees

You need to think about how you will manage data held on an employee's personal mobile device should the employee leave the business.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.