Skip to Content

Allowing employees to connect own devices has risks, benefits

Smartphones and tablets are everywhere.  People are spending more and more money to have the latest smart devices, and employers are struggling to keep up with employees’ demands for the latest technology.

Not surprisingly. companies have realized there is a less expensive way to deploy the latest technology:  increasingly they are allowing employees to connect to corporate networks from the devices they own. This phenomenon has become known as bring your own device, or BYOD.

The benefits of BYOD are obvious: companies spend less on equipment, employees can use their preferred devices, and they need only have one of each (I remember carrying two phones for awhile – one for work and one personal-it was a nightmare).

Surveys have shown BYOD helps employees work faster and smarter, making them more efficient and raising their overall effectiveness. BYOD is also believed to raise workplace satisfaction because employees get to work on the devices they are most comfortable with, eliminating the need for training on multiple operating systems or programs.

But with these benefits come some major risks.

Data loss is the most significant risk to companies that implement BYOD programs. By relinquishing some control and allowing devices from “the wild” to access internal networks, companies place their information systems and sensitive data at greater risk.

Implementing a BYOD program means the company’s network will be accessed by a wide array of devices from open Internet connections (think Starbucks). These devices will have different software, different apps and, most scary of all, different owners accessing different files from different places. Human error remains the single-biggest threat to information security.

Security Policies
To protect their networks from all these new dangers, companies will have to implement comprehensive BYOD security programs that include strong policies and governance rules.

These rules and procedures will have to be clear and concise, easy to follow and transparent so that employees will not resist them.

Companies also will have to invest in technology to monitor and secure their networks and all the new devices accessing their information.  Many companies are turning to mobile device management, or MDM, solutions to help safeguard their information.

MDM software works by enforcing security rules and protocols on all the devices that access the company’s network. For MDM to work effectively, the software must be installed on every single device that accesses the network.

This presents the second major risk of BYOD: company management of privately owned devices.

MDM software gives companies a lot of power over their employees’ privately owned devices. This raises many privacy questions that must be addressed. For example, how much access and control is too much? How can companies balance increasing security with employee privacy? The answers to these questions are not yet clear, but companies cannot wait to see what happens or they will risk losing talent and efficiency.

So, what can a company do to avoid the privacy pitfalls of BYOD?  Let’s revisit the BYOD policy and governance program mentioned above. Before implementing a BYOD program and before installing any software on employees’ devices, companies must inform and train employees about their BYOD program. Transparency will be a key component to successfully implementing a BYOD program.

Additionally, employers should request and receive consent from employees before installing software on their devices. Companies should explain the capabilities of the software to their employees and disclose what data is being collected about them and how it is being used. Everything should be memorialized in policies and procedures written by lawyers, not information technology managers.

Finally, companies should take care to follow their own policies and keep employees updated on any changes to the BYOD program. Failing to be transparent, not following your own policies and not disclosing all the elements of the program can be catastrophic. This will be perceived as deception, create conflict and possibly lead to litigation.

BYOD is here to stay and employers are scrambling to put the technical safeguards in place to take advantage of it.

The benefits of embracing new technologies come with responsibilities that companies increase their networks’ security and respect their employees’ privacy, By investing in now technology and implementing comprehensive and commonsense policies that are understandable and transparent, companies can try to manage the risks they must take to remain competitive.

Originally published by the Daily Business Review, Vol. 88, No. 159 (January 2014).

©2024 Carlton Fields, P.A. Carlton Fields practices law in California through Carlton Fields, LLP. Carlton Fields publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information and educational purposes only, and should not be relied on as if it were advice about a particular fact situation. The distribution of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship with Carlton Fields. This publication may not be quoted or referred to in any other publication or proceeding without the prior written consent of the firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our Contact Us form via the link below. The views set forth herein are the personal views of the author and do not necessarily reflect those of the firm. This site may contain hypertext links to information created and maintained by other entities. Carlton Fields does not control or guarantee the accuracy or completeness of this outside information, nor is the inclusion of a link to be intended as an endorsement of those outside sites.

Disclaimer

The information on this website is presented as a service for our clients and Internet users and is not intended to be legal advice, nor should you consider it as such. Although we welcome your inquiries, please keep in mind that merely contacting us will not establish an attorney-client relationship between us. Consequently, you should not convey any confidential information to us until a formal attorney-client relationship has been established. Please remember that electronic correspondence on the internet is not secure and that you should not include sensitive or confidential information in messages. With that in mind, we look forward to hearing from you.