Cybersecurity • 23rd May 2019

How to Implement a BYOD Policy Your Employees Will Actually Follow


Bring your own device (BYOD) policies have risen in popularity in recent years. In fact, 82 percent of companies let employees use personal devices for work. Why so many? Businesses save money by not having to make additional purchases, and employees don’t have to juggle between multiple devices.

But employing a BYOD policy isn’t easy. Business owners have to put trust in their employees to protect the company’s security. This blog will explain how BYOD policies work and provide tips on how to implement a BYOD policy that employees will follow.

What Are the Benefits of a BYOD Policy?

Before you create your BYOD implementation plan, you need to know the benefits of a BYOD policy. Your employees are likely to ask questions, and it’s best to be prepared so you’re not caught off-guard.

Here are the top four benefits of allowing personal devices at work:

Financial Savings
Because BYOD policies ask employees to use the same devices they already use at home, businesses save money on purchasing and maintaining laptops and mobile devices. Instead of paying full price, companies can pay employees a small stipend to cover device costs, data plans, etc.

When your employees no longer have to switch between their home device and work device, life gets a lot more convenient for them. According to a study by Sapho, employees save 81 minutes a week by using their own devices.

Plus, because they already know the device, they don’t need to be trained on a whole new system, making BYOD more convenient for your company as a whole, too.

Access to New Technology
Employees are more likely to purchase the latest phones and laptops, while companies tend to be a few years behind. This is because individuals get upgrades much more quickly and at a faster rate than companies do.

To stay efficient and productive, your employees need to be able to access information no matter where they might be. Because BYOD gives them access to their own phones, which are likely newer, they can access information quickly without struggling to go through password after password on their secure work phone.

While these benefits are hard to resist, a poorly planned BYOD policy can cause some major issues, including security risks and an increased need for IT support. When your employees are using a myriad of different devices — all with different operating systems — you need reliable IT support to be able to help them.

And considering that half of BYOD-friendly companies that experience a data breach are breached by an employee-owned device, it’s safe to say that you need a policy that accounts for such problems while maintaining the convenience of the program.

How to Implement a BYOD Policy

Here are seven steps you can take to create a successful BYOD implementation plan:

1. Establish Security Policies

Now that your employees can pull up sensitive information from home, your policy needs to address potential pitfalls. This includes setting up strict password requirements so that — should a device fall into the wrong hands — you can be sure your data is safe.

Beyond passwords, your BYOD implementation plan should outline:

  • The minimum required security controls for devices
  • Where data will be stored (including what is stored locally)
  • Inactivity timeouts
  • Whether you require employees to download a mobile device security app
  • Your remote wipe policy

Depending on your industry, you might need to create more restrictions based on compliance requirements.

2. Create an Acceptable Use Guide

If you don’t already have an “Acceptable Use Policy,” you should create one in conjunction with your BYOD policy. This policy will help guide your employees away from distractions while keeping your network free of viruses and malware.

When creating your acceptable use guide, outline which applications employees are permitted to access from their personal devices and which apps are restricted. You should also note:

  • Which websites are banned while a device is connected to the company’s network
  • What types of company-owned data employees can access from their devices
  • What disciplinary actions you will take if someone violates the policy

One thing to note: Don’t block websites like Facebook or YouTube. Blocking these sites can seem overly controlling, especially from your employees’ personal devices. You need an acceptable use guide that isn’t excessively strict and shows that you have trust in your team.

3. Install Mobile Device Management Software

Mobile device management (MDM) software allows you to configure, manage and monitor all personal devices from one application. Your IT team can then authorize security settings and software configurations on any device connected to your network.

With MDM software, your IT team can create automatic backups of your company’s intellectual property using the cloud, scan for vulnerabilities in your system, block mobile devices that could be threats, ensure anti-malware applications are updated, remotely update and patch issues and further enforce security policies.

4. Use Two-Factor Authentication for Company Applications

Two-factor authentication keeps hackers from impersonating users and gaining access to company accounts. It keeps your classified information secure by forcing anyone who logs in to an application to go through an extra step, such as providing answers to security questions or using a code that has been provided in an email or text message.

5. Protect Company and Personal Data on Employee Devices

While you need to protect your own data in a BYOD policy, it’s also a good idea to protect your employee’s personal data. Your employees deserve to have some level of privacy.

Your MDM software and processes should never interact with, copy or store your employee’s personal information, applications and other data such as location information.

6. Simplify the Sign-Up Process

The sign-up process for your BYOD program should be easy. Don’t ask employees to fill out a paper form or put them through multiple rounds of approvals. Your employees should be able to sign up or enroll through an IT ticket system to track all requests and their progress.

After they enroll, they shouldn’t have to download too many different apps — one or just a few should be enough for them to access the information they need without too much work.

7. Train Your Employees (Regularly)

Provide regular training seminars so your employees stay up-to-date on the BYOD policy and potential risks of not following the rules.

You can also create a detailed manual or allow employees to schedule one-on-one training with someone in the IT department. That way, employees not only learn the best ways to use their devices, but they also understand the potential risks and how the company plans to avoid such issues.

Get Expert BYOD Policy Advice From KMicro

Implementing a BYOD policy comes with its fair share of tasks. As a business leader, you know the benefits and you know what could go wrong, so you might need a helping hand.

Contact someone at KMicro to give you that hand. We’ve worked with everything from SharePoint migrations to cybersecurity solutions, so we can help you create a policy that covers all of your bases.

Set up a call with one of our team members or call us now for more information: 949-284-7264.

Learn more about KMicro’s Pricing

If you’re ready to learn more about KMicro’s monthly pricing options, set up an appointment with one of our IT consultants or call now for more information: 949-288-4875

Get started with