BYOD Best Practices for SMBs
A suitable BYOD program can help SMBs remain agile and productive while allowing them a more satisfying work experience. Small business owners can reap maximum benefit by taking into careful consideration the legal, financial, procedural and HR implications while embarking on some of the best practices in BYOD.
Involving every department and people
BYOD policies must involve other departments besides IT, particularly if the organization is paying for the devices in any way. Highly successful BYOD programs take into consideration the chief security officers (CSOs), CEOs, legal departments, HR and communications directors defining a clear service and acceptable usage policy for mobile devices. For example, the HR department needs to contribute and approve rules for employee conduct when using personal phones for work. Payroll needs to understand how to implement stipends or expense-back programs, and so on. The IT department should work closely with the all the other departments and seek approval from each department to implement the policy. The best practices in BYOD often take into consideration the users – more than the devices. SMBs should also realize that the focus of the BYOD strategy should start with employees. If people are included in the planning and choice of technology, they will naturally feel more motivated to use the system carefully.
Communicating the policy
Keeping employees informed is critical to the success of a BYOD program. Plan changes, device changes, and any policy change must all be communicated in a clear, standardized fashion. The IT department for example can use established communication channels, including biweekly emails, to communicate about the BYOD program. As a result, the team can anticipate questions and concerns in advance and provide specific information and directions about the BYOD program, policies, and process. The policy document should be short and simple, stating the device approval process, a list of supported device types, terms of the company’s stipend plan other key considerations about the program, which the company can email to all employees.
Setting Stipend or “Expense Back” Policies
Another best practice in BYOD is allowing employees a broader device choice while providing a stipend to cover part of their costs for using their devices for work. Several large organizations and government agencies have shown remarkable results with this approach. It is believed that stipends are an excellent way to reimburse employees for business expenses they incur using their mobile devices. They provide a simple and consistent way of compensating employees and provide an incentive to keep excessive calling, data, or roaming charges in check. Any stipend policy should clearly state the company’s position on paying any coverages, phone repair or replacement charges, or late fees incurred by the employee. SMBs can adopt this best practice for being able to choose the device they want and use the additional features and apps that come with the device.
Constantly reviewing and monitoring policy
Small and mid-sized organizations should constantly monitor and review the policy, following automated actions. The SMB IT team should adopt the best practice to monitor the state of each device accessing the network. For example, they have to constantly find out: Is the device enrolled? Is it in compliance? Does it have any new applications? This kind of information will allow the decision makers to understand whether any adjustment needs to be made in the new policies or compliance rules. In case of any change, the IT team should send a notification to the user/s and if necessary take adequate steps such as blocking the device from accessing the corporate network and/or e-mail and wiping the device. Moreover, there should be a facility to deal with terminated employees before they leave the company so as to reduce further security risks.
Implementing easy to use BYOD solution
Organizations that achieved a high level of BYOD success are observed to have come up with easy to use BYOD solutions that enable users of every kind of technical aptness to log-on to the user interface and access a list of their enrolled devices. The SMB BYOD policy should be such that employees are able to locate their device, lock it, reset its password or wipe it. The user interface should be able to self-audit the device and report compliance issue.
Technical Best Practices
As the IT team has to play a very active role in implementing the best practices in BYOD, SMBs should consider certain aspects in enterprise mobility management to secure the organization’s confidential data.
Mobile device management: One of the best practices for establishing BYOD in a small or mid-sized organization is implementing MDM software that lets IT configure, secure, monitor and wipe smartphones and tablets. However, the IT department should be familiar with the wide range of tools and services that encompass this technology. For example, implementing remote wipe is a relatively good practice to prevent data loss from stolen or lost devices. As the remote wipe can be generated from within the enterprise, it can prevent a number of concerns related to misplaced devices.
Isolating corporate data: SMBs supporting BYOD should be able to isolate corporate data on the device. Companies that segregated records management requirements for archives, disaster recovery and business continuity implications, e-mail accounts, VPN and wireless settings, and some critical enterprise applications have found their BYOD programs to be a success.
Moving beyond BYOD: MDM is certainly a useful way to secure devices. However, when implementing a BYOD policy, companies that have moved beyond deploying MDM solutions, have been far more successful. This can be a best practice for small and mid-sized owners. This means that they should also consider mobile application management (MAM) as well as a mobile information management (MIM) capability as it is no longer about the devices that need to be protected but they need to protect the data.
Considering a COPE model: A BYOD strategy is not the single answer to addressing the IT consumerization trend. A number of organizations have also considered the “corporate owned, personally enabled” (COPE) model. The model can be successful because regardless of who owns the device, corporate data and personal data need to be managed separately, and corporate data should remain under enterprise control.
BYOD is an enlightened approach to the consumerization challenge, because it allows employees to use their own devices at work. However, BYOD works only when it is supported by robust technology and effective policies, processes and communications. SMBs will accrue the maximum benefits of BYOD by implementing a strong and effective BYOD program. By adopting some of the best practices, small and mid-sized organizations can embark on this exciting BYOD journey without much trepidation.