How to Build a Robust BYOD Policy

Posted by on August 1, 2013 in Business Management, Business Technology [ 2 Comments ]

Build a Robust BYOD Policy for Your BusinessPolicies are hard to write, no matter what they are for. With the increase in Bring Your Own Device (BYOD) policies being implemented by all businesses big and small, it’s tempting to find an appropriate template online. A tailored BYOD policy that fits your company would be a healthier, more productive solution, however. That doesn’t mean that templates found on the internet should be disregarded: they are a good starting place when creating a BYOD policy. There are some supplemental materials for the initial BYOD brainstorming phase from the White House and IT Manager. After going through these templates and toolkits, there are some items that need to be checked off to ensure you hit the key points that produce a robust BYOD policy.

Related89% of IT Departments Support BYOD; But Do the Pros Outweigh the Cons?

Step One: Define Devices

First, be implicit in specifying which devices can be used at the workplace. Back in the early 2000s, you could just say, “Blackberries only,” but Blackberries are all but dead and there is a multitude of phones across a variety of carriers that are more than capable of being used in the workplace. It is, however, fortunate that most of your employees will come in with those capable devices in their pocket.

So that means that you need to be clear about what “Bring Your Own Device” means in your business. For some, it means bring your Galaxy Note, Surface, or iPad; still for others, bring your own laptop. Be thorough and don’t leave room for interpretation when you craft this section of the policy.

Step Two: Reduce Security Risks

Second, enforce a rigorous security protocol for all devices under the policy.  Usually, a security policy for BYOD entails that a device must have a complicated, multi-character password beyond the normal pattern swipe or 4-digit PIN to access a phone’s information. If you have an IT team or hosted VoIP business phone system, check their security options to see if these security measures are possible.

The security policy should make clear who owns the data or apps on the phone. Some businesses assert the right to wipe any data off of a device. Some businesses ensure that the personal data of an employee is securely backed up through the cloud so that if a wipe occurs the personal data of the employee is safe. This can be hassle and a headache if you don’t have an expert IT phone team to know where the data is stored and how to perform wipes/backups.

If you have a hosted PBX business phone system implemented alongside a BYOD policy, though, it is easier to avoid the data security risk. Check to see if the vendor has a smart phone app available that is able to connect to the standard business phone hardware. If available, an app of this caliber will be able to create two numbers for one device so that data, call records, and numbers are kept separate from an employee’s personal information.

Related: Find a new phone system for your business.

Step Three: Moderate Workplace Usage

Even with a business phone app on the device, you will still want to have policies in place about acceptable workplace usage. Can the employees check Facebook while at work? Are apps that can potentially interact with the business end of the device allowed? These are important questions to ask when forming a BYOD policy.

Be careful to limit talk times, messaging, and data downloads over personal devices through the company network, those can seriously rack up the monthly charges for wireless data usage. This infographic can help clarify some of the less obvious charges of a BYOD policy.

Step 4: Build Your Backup Plan

Have an escape plan. If an employee leaves you’ll want to be able to have the authority to remove apps, data, and information from a device without complications. This would include things like disabling email synchronization, removing the business phone app, and wiping any company information from the phone.

Be aware: smartphones can be seized and search if an employee and a company are involved in a lawsuit. So, it’s important to define what qualifies as business information on an employee’s cell phone: emails, call records, documents?

Related: Mobile Device Management for Your Business

Remember, a BYOD policy is not an excuse to restrict an employee’s rights and make their interaction with their own device miserable. The point is to protect your rights as a business owner and the rights of your employees. That is why it is so important to have a well written and detailed policy.

About the Author: Amber is a marketing professional from Sacramento, CA with many years’ experience in business-to-business software and services – especially hosted VoIP services - and currently works with ShoreTel Sky. She  enjoy writing about unified communications, applications, and mobile solutions.


2 thoughts on “How to Build a Robust BYOD Policy


  1. avatarAlan Lucaz

    Thought these were very good steps for implementation of a smart BYOD policy. Very much reminds me of a video I saw earlier this week about Navigating Through BYOD. Really good article and think it really looks into major factors needed to address security concerns.



Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>