BYOD Checklist: Who is Responsible for What?

By Wayne D.S. Wong, Managing Consultant, Kroll Ontrack — August 10, 2012

It happens so fast – one moment of inattention on a business trip and someone makes off with your laptop or smartphone. Inconvenient to say the least, but even more so if it is your personal device that is also being used for work purposes. Who is going to pay for the loss? And what about the stored data that is gone – the RFP that was just completed, the lead information, your client list?

Companies and employees are increasingly confronted with this situation in the current climate of BYOD in business. This idea is popular among employees and corporate management alike, particularly in companies where computing resources and budgets are limited. Employees know how to use their own devices and can more efficiently manage their work and life in an integrated fashion. Further, companies can save money on hardware and simply focus on usage policies and packages for their employee base.

Regardless of the benefits, corporations and employees often forget important consideration factors. What happens if a device is lost or damaged? Can a lost or stolen device be remotely wiped? How will the device data be backed up?  Is the personal device subject to quarantine and examination due to litigation or investigation? Many employees are not aware of the amount of responsibility they are assuming when using their devices for corporate purposes.

BYOD Checklist


Before employees use private devices for work, they should clarify some issues with their company’s IT department:

•    Backup Retantion and Litigation: As soon as company data is involved, certain compliance requirements apply. Is it the employees’ responsibility to save their own data at specific intervals, or do the company’s IT specialists take care of that? What tool is used to conduct the backup, who makes it available and who monitors compliance?

•    Data Loss: Mobile devices are not robust and the memory is easily damaged. If there is no backup and the data is important, a professional expert may be able to help. But, who has to arrange for this and who will foot the bill? In addition, many people don’t realize that it is not possible to distinguish between company and private data during data recovery process. When a data recovery is preformed, data will simply be restored. Often times the file names can no longer be read, so all files have to be opened and checked in order to disentangle private and company data. In this case, privacy cannot be maintained.

•    Loss of the Device: Two main issues arise if the device is lost or stolen – first, who will replace it, and second, the obligation to inform the employer. Are their rules as to how soon the company must be informed about the loss? Does the company intend to take quick action, such as remotely blocking access or deleting data?

•    Remote Deletion: Some companies require employees to install a program on their device that allows data to be deleted remotely in case of loss or theft before they may use the device for company purposes. Many people do not realize that the deletion is not specific to company data, but affects personal data as well.

•    End of the Employment Contract: Most people change employers sooner or later. What happens to the company data on the private device in that case? Who checks that it has been deleted? Will care be taken to ensure that private data is not lost during the employee exiting process?

Everybody Has a Part to Play

IT support is another aspect of BYOD that requires careful consideration before adoption. When there is a technical issue, employees using private devices will turn to the company IT department for support.

This means that enterprise IT support experts are suddenly confronted with a variety of devices and software versions to maintain. As a result, IT now has considerably more work. Therefore, it makes sense to restrict the range of devices that are permitted for BYOD. Maintenance and service issues also need to be defined clearly, even though employees are usually more careful with their own devices than they might be with company phones or tablets.

The smaller the company and the more recent the introduction of BYOD, the more likely it is policies will not be set in advance. Management, IT and employees need to work together to set up the best possible procedures. The HR and legal departments should be involved at the outset when considering BYOD adoption

Neither employees nor management should let themselves be tempted by the benefits of BYOD without addressing the risks. If companies opt to move forward with implementing BYOD, it is critical that clear guidelines, monitoring and training are in place. Doing so will better ensure cost savings and employee enablement, which will ultimately improve business overall.

POST A COMMENT

comments powered by Disqus

RATE THIS CONTENT (5 Being the Best)

12345
Current rating: 4 (6 ratings)

MOST READ STORIES

topics

Must See


FEATURED REPORT

Who Owns Mobility

Less than one decade ago, smartphones and tablets changed workplace technology—virtually overnight. IT lost "control" and users became decision makers. Is it any wonder we are still trying to figure things out, and that the question of  "who owns mobility" remains? This research examines the current state of mobility in an attempt to answer that question.