According to one of our popular BYOD infographics, 70% of the BYOD workforce fears that IT administrators are browsing private materials, also known as personally identifiable information (PII), on their mobile devices. IT personnel, conversely, often worry about the prevalence of illegitimate and unlawful content on BYOD devices. So must an employee meet with an attorney before signing a BYOD agreement? Does reimbursing the employee for the cost of the device permit an employer to assert control over it and look into a user's data activity? These challenges must be addressed head on, as the road ahead deviates from that of the middleman who owns separate devices for work and personal use.
Deconstructing legal disputes
Some of the most prevalent BYOD legal challenges are:
- Data breaches: Since the inception of mobile devices, online data breaches have grown due to imperfect smartphone use on the part of BYOD employees. As per a VentureBeat infographic, 68% of device owners use a password while engaging in online activity, and neither change nor reuse old passwords. Smartphone owners and pro-BYOD organizations must mandate the use of password manager applications for storing passwords, deploy policies that prevent users from storing passwords online, and refrain from connecting to open, unsecured wireless networks.
- Data privacy on personal devices: The fear that they are always being tracked and that their smartphone activity is being monitored often leaves BYOD-ers running in the other direction. The legal challenges arise when these devices are used for accessing corporate resources and may contain traces of intellectual content. Do your mobile device policies define which resources may be accessed from mobile devices and which are restricted? How efficiently are these restrictions communicated to the BYOD workforce?
- Device control for personal devices: Apart from peeping into data on personally owned devices, another BYOD workforce complaint is how much ownership an organization can assert over an employee's personal handheld device. Who owns the personal handheld device (housing corporate info): the employee or the enterprise? Does an organization run into legal issues if it remotely wipes an employee's personal handheld? Are these instances highlighted in the agreement? Do BYOD employees give in and sign the agreement without any confrontation?
- Terminated or departing employees: While some employees exit the organization amicably, some fail to cooperate. How do you gain access to the latter's devices and ensure that these devices are legally safe and can't dent an organization's reputation?
- Unlawful BYOD activity: While BYOD devices are all part of the corporate BYOD program, different user groups have different BYOD mobile policies. So how do you ensure that employees are not sharing information? Many BYOD employees have a habit of wiping all evidence after a call or the use of an application. Do your BYOD policies smartly monitor for any illegal data mining activity?
Tips for topping BYOD risks
Smartly outdo the key legal challenges of BYOD by following this simple procedure:
- Start with a complete risk analysis of your BYOD ecosystem. Answer the following: Which groups are using mobile devices? Which device types are they using? What kind of information is consumed by the devices? How do these devices access corporate resources? What kind of BYOD-related activities are happening? How often must you revisit the strategy to accommodate the growing needs of your BYOD workforce? What are your device data patterns?
- Educate employees on the deliverables of your BYOD program. Explain to your employees their role and why their participation matters. BYOD employees need to understand that many of the legal risks can be reduced if both employer and employee clearly understand those risks and their roles and responsibilities in managing them.
- Create BYOD policies that can be implemented and followed with ease. Employees must not look for a reason to bypass them. The BYOD policies must also be pliant enough to accommodate unfamiliar situations and the dynamism of the mobile ecosystem.
- Clearly highlight the implications of rogue BYOD behavior. Rogue BYOD behavior often lands organizations in legal jeopardy. The BYOD policy and legal agreement must coherently define what is expected of the BYOD workforce and the employee's privacy rights. IT admins must ensure that the BYOD policies do not conflict with the existing set of mobile device policies and IT strategy.
David Navetta of InfoLawGroup suggests that organizations define a personal device use policy to reduce the legal and compliance risks and challenges associated with personal devices. The BYOD contract must highlight the need for appropriate security software, screen locks and data encryption applications on devices accessing corporate email and other corporate resources.
Deliverables of an MDM solution
Last but most importantly, your mobile device management (MDM) solution must support data containerization. The containerization technique allows you to separate your work and personal data. This way IT can have access to only work-related device data. Not only does this reduce a BYOD worker's anxiety, it allows organizations to play it safe from a legal perspective.
Fiberlink's award-winning cloud-based MDM solution, MaaS360, has helped organizations from a diverse range of industries dissolve their BYOD legal challenges. For more tips on how you can overcome these risks, click below and sign up to view a free on-demand recording of Crushing the 6 Risks of BYOD: Policy Advice from an Industry Expert.