In today's fast-paced technological world, almost all workers have a mobile phone, tablet or laptop. Salespeople, customer service reps and managers may travel for work, or work from home, and use these types of mobile devices to complete business. Do manufacturers need to supply these to employees? Or is a bring-your-own-device (BYOD) policy something to consider?

Allowing access to your manufacturing company's systems on an employee's device presents risks. And you will need to protect your company's data without violating employees' privacy.

MAKE THE CALL

Rather than buying dedicated work phones, laptops and tablets for each employee, many businesses are tapping into workers' personal devices. BYOD programs enable employees to work anytime, anywhere, which promotes greater flexibility and productivity. Plus, employees appreciate the option to choose their preferred devices, leading to enhanced job satisfaction.

Because most employees already own these devices and tend to update them often, employers may be able to eliminate the cost of purchasing and updating devices. When calculating cost savings from a BYOD initiative, offset the equipment cost savings with the added costs of supporting multiple operating systems and devices.

Ask your IT department to provide a list of devices that it can easily support and that have acceptable levels of security. The more devices IT supports, the more time-consuming and costly your BYOD program will become.

BYOD programs also come with less obvious costs. Employers generally have less control over technology equipment and the confidential data stored on employees' devices. And employees have less separation between their personal and business lives.

PUT IT IN WRITING

Employers that allow their employees to use their own devices for work purposes need to implement a formal BYOD policy to minimize security and liability risks. A comprehensive policy anticipates what happens with the device in various situations, such as:

  • If there is a voluntary or involuntary termination;
  • If the device is lost, shared or recycled;
  • If unprotected public wireless networks are used;
  • If the device is attacked by a virus or malware; or
  • If it is synced on an employee's home cloud.

Other questions to address include:

Payment Policies
An employer might pay for a predetermined number of voice minutes and an unlimited data plan for employees. Any charges above that amount are the employee's responsibility.

Cell Phone Number
Who owns a phone number is a big deal for salespeople and service representatives, especially if they leave to work for a competitor. Customers may continue to call a rep's cell phone, leading to lost sales for the enterprise.

Password Protection
In general, mobile devices should lock if idle for five minutes and require a password or personal identification number to unlock. After a limited number of failed password attempts, the device should require assistance from the company's IT department to regain access. Multi-factor authentication (MFA) — requiring users to present a combination of two or more credentials to access various programs on firm devices — should be the standard for your employees.

Employees who participate in BYOD programs should be required to periodically submit their personal devices to IT personnel for configuration, updates and security checks. And employers should reserve the right to revoke the BYOD privilege if users do not abide by the rules.

PROTECT USER PRIVACY

Employees must understand that participation in a BYOD program gives the company access to personal information, such as text messages and photos. However, the BYOD policy should state that the company will never view protected information, such as privileged communications with attorneys, protected health information or complaints against the employer that are permitted under the National Labor Relations Act.

In case your company becomes involved in a lawsuit, its data retention policies should address how data is stored on mobile devices and gathered during litigation. Keep in mind that the federal rules governing the production of documents, including electronically stored information in federal litigation, cover all devices, including personal devices that access the company's network.

COVER YOUR BASES

An effective BYOD policy will cover all relevant security and liability risks and be legally enforceable. If you have not reviewed your BYOD policy, now is the time. And it is not enough to just have a written policy. Be sure each employee who takes advantage of the policy signs a formal written BYOD policy. Contact your attorney as well as an IT security expert to get started.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.