6 Risks Your BYOD Policy Must Address

Strong company policies are a must for managing legal and other risks of personal devices used in the workplace. Are you addressing all the issues?

3. BYOD Devices Are Subject To Border Search And Seizure.

If you've got employees that travel internationally, their devices might be subject to search or seizure at border control -- something they need to be aware of in advance if they're going to use their own when they're on the road. This falls into the category of employee awareness. They need to know, via policy and education, that they're forfeiting certain rights to their personal devices by using them for work.

4. Who's Responsible For Repetitive Stress Injuries?

Employers can manage the costs and risks of an employee getting hurt on the job in a variety of ways: insurance, safety training, ergonomic office equipment and so forth. This would include desk-bound employees who develop repetitive stress injuries from typing, mousing or similar tasks. But what if they get "BlackBerry thumbs" from a device they own? Can they take action against their employer? If you think that sounds far-fetched, think again: Overly said they have already seen two cases where an employee at least explored a claim against their employer as a result of using a personally owned device. "This is another policy and training thing: By putting employees on notice that there are issues, particularly repetitive-stress issues, with regards to the use of technology," employers can limit their liability, Overly said.

5. The Demise Of The Great American Novel.

BYOD discussions tend to focus on the hardware that made it famous, namely smartphones and tablets. But bring-your-own can include laptops, netbooks, ultrabooks and other gear -- something bound to increase if Windows 8 hardware proliferates. Overly noted a situation involving a person who alleged that his employer deleted files from a personal laptop after he brought it to the office to have security software installed. Those files included the only copy of the novel he'd been writing for years; the claim stopped just short of court. Again, this scenario -- the responsibility for loss of data on an employee-owned device -- can be proactively managed via policy, provided the employee is made aware of the risks. (That particular employee might also need a tutorial on the many low-cost options for backing up files.)

5. What Happens When An Employee Shares A Device?

A strong BYOD policy would protect the company in the case of the employee's deleted novel-in-progress. It would not do the same if that novel was written by the employee's spouse. If you've ever shared or borrowed a computer, tablet or phone with family or friends, this one's for you. Overly called shared use of employee-owned devices one of the most pressing BYOD issues around, in part because it can't be easily mitigated with policy. An employee sharing a BYOD-use iPad with his spouse certainly opens up potential issues such as corporate data loss or security breaches. But it also creates a much thornier problem in terms of potential legal action against the employer. Overly described a case in which a spouse used a BYOD device to photograph an important, one-time life event. The company, in the course of routine device management, later deleted all of the photos -- the only copies -- via remote wipe. "How does the company protect itself against a claim by that spouse?" Overly said, noting that the employer doesn't have any policy or contract with that person governing use of the device. "It's very, very difficult to do," he said. The total separation of personal and business data on employee-owned devices is "the holy grail" for BYOD shops, Overly added.

6. What About When An Employee Gets Rid Of A Device?

Employees that sell or recycle a BYOD device after upgrading pose another risk, as do lost or stolen devices. A common policy and technology strategy is to enable remote wiping of the device's data and require it as a condition of program participation. Like most protections, remote wipe is not fool-proof. But it's a key tool in managing the downside -- which can be steep simply because of the sheer volume of devices. Device disposal occurs millions of times when Apple releases a new iPhone, for example, or more incrementally when people accidentally leave their phones in taxicabs or airport waiting areas. Employee termination is another scenario where remote wipe can be crucial.

"Terminated employees [are] always a challenge because they may not be interested in helping the company with anything," Overly said.

User Rank: Apprentice
11/26/2012 | 7:58:25 PM
re: 6 Risks Your BYOD Policy Must Address
Well folks. There you have it.

If any business is still up for having a BYOD policy after understanding the legal risks, then they are just plain crazy. Same for the employee who will fork over a good bit of their personal life as part of the, ahem, bargain.

I find it hard to believe that BYOD is more cost effective than an employer provided device when you look at the total cost of ownership (TCO).

BYOD (short of insuring us IT types a good long career) is ridiculous on many fronts... legal, technical, security, privacy... ad nauseam.
NJ Mike,
User Rank: Moderator
11/26/2012 | 6:23:11 PM
re: 6 Risks Your BYOD Policy Must Address
My solution to this BYOD problem - tell my employer if they need me to have a smart phone or a tablet, or a laptop, they can issue me a smart phone, a tablet, or a laptop. I don't like to mix business with personal, so the thought of using my personal phone/computers for work is not something I want to do.
User Rank: Ninja
11/26/2012 | 4:30:22 PM
re: 6 Risks Your BYOD Policy Must Address
"The personal devices they use at work could be examined not only by their employer but by the other party in the lawsuit."

This is why you WIPE all evidence from your phone after every call or every app used. No one spies on my private phone, iPad, or tablet. It's also helpful to have multiple fake name accounts on ALL social media. Learn to beat the busybody nosy types at their own game.