Skip to main content
Jun 15, 2015

5 Ways to Reduce BYOD Liability

The growing popularity of bring your own device (BYOD) initiatives among organizations presents a number of challenges to mobile enterprises. While the use of personal devices for work purposes does not necessarily introduce any new liabilities to organizations, the adoption of BYOD practices does bring certain issues into the foreground. From addressing ownership rights and data security, here are five ways enterprises can reduce BYOD liability.

1. Have a Comprehensive BYOD Policy in Place

A comprehensive user policy is the anchor to any BYOD initiative. Written correctly, it is a powerful document that can greatly reduce many of the liabilities associated with the combination of personal devices and corporate data. An effective BYOD policy outlines the expectations and roles of the organization and BYOD employee, as well as any applicable third parties. Among the many issues that the policy should address are the types of devices that are supported, support and/or maintenance expectations, data security, monitoring, tracking, and remote wiping just to name a few. The document must also include the consequences of failing to adhere to policies. Finally, always require employees to read, accept, and sign the policy prior to granting them BYOD privileges.

2. Separate Work and Personal Data

Imposing a clear separation between work and personal data overcomes many of the challenges enterprises face regarding data privacy and ownership. Make it clear through both your BYOD policy and enterprise apps that corporate and personal information should not mix. For instance, information from corporate email accounts should never make its way into personal email accounts and vice versa. Keeping the two types of data separate makes it easier for the enterprise to exercise control and ownership over corporate data, while at the same time provides your BYOD users with privacy over their personal information.

3. Implement Safeguards to Protect Sensitive Data

Storing data on any mobile device, regardless of the owner, introduces a level of risk to the enterprise. If a device is lost or stolen, this can leave sensitive corporate information exposed. Mitigate this risk by having safeguards in place to prevent unwanted users from accessing company data. Password protection, access control, and the ability to remotely wipe enterprise mobile apps are all viable solutions that are easily implemented when private and personal data are stored separately.

4. Clearly Define Device Ownership

The concept of BYOD is centred on an employee-owned device. For organizations with longstanding corporate-issued device initiatives, this represents a marked shift in policy. Just as employees need to understand the ownership of corporate data stored on their devices, enterprises must respect its employees’ rights as device owners to prevent potential legal or privacy issues. In your BYOD policy, make sure to include any requirements associated with installing additional software (i.e. an antivirus app), monitoring, tracking, or anything else directly related to an employee’s device.

5. Provide an Open Forum for Communication

As mobile enterprise applications grow more complex and mobile devices become an even greater part of our personal and professional lives, the concept of BYOD is likely to evolve over time. Instead of reacting to changes, be proactive by providing an open communication forum with your BYOD employees. Encourage them to ask questions and address them as they arise. As an enterprise, it is best to view BYOD as a continuously evolving initiative rather than simply another form of technology. With the right policy, employee training, and safeguards in place, the benefits of allowing employees to use their personal devices in the workplace far outweigh the liabilities.

Apperian

More from the Blog
Sep 19, 2018

Arr Matey, Hear a Tale about Cyber-Piracy

It’s Talk Like A Pirate Day.
Read more
Sep 18, 2018

The App Is The Endpoint

Traditional Endpoint Security is dead, that is to say that hardening the laptop, desktop, or device is not a panacea. ...
Read more
Aug 29, 2018

Using real-time threat analytics to thwart a serial app attacker

How Arxan helped shut down continuous reverse engineering attacks Operating in the Dark It started after releasing an app u ...
Read more