Posted: September 9th, 2022
BYOD Policies
Introduction
Employers and their employees can reach an agreement that allows employees to bring their own devices to work (Bring-Your-Own-Device, or BYOD). As such, the devices become dual-use, serving both professional and personal purposes. Researchers establish that employers in the UK and the US already have such a policy in place in more than 80% of organizations (Rajendra, 2014). This trend is also set to increase for a variety of reasons surrounding employee and employer working conditions. A company can intervene and create a set of company policies that allow it to navigate some of the more important privacy issues that come with BYOD.
Generally, a variety of information security issues might arise from the dual use of a device for work and pleasure. These issues account for some of the more common employee-employer conflicts over the organization's privacy priorities and the employee's personal data. This term paper supports BYOD policies and suggests that BYOD is bound to become even more common within the workplace, since portable computing devices, internet access and smartphones are becoming increasingly ubiquitous. Above all, the adoption of BYOD policies serves to enhance the security of a company’s IT infrastructure.
Defining the BYOD Policy
With greater availability of portable computing devices for the common working person, access and availability of more personal devices per employee are on the rise. BYOD policy is a concerted effort by employers to allow their employees to bring and engage in work using their personal devices. Rajendra (2014) identifies that a concerted effort can only be legal if the said effort is sanctioned by other employees and works not for the benefit of the employer alone but also for the benefit of the collective employees. There are a variety of reasons why employers might require their employees to bring in their own devices to work.
Employees require a certain degree of flexibility and freedom, and they can achieve this in the comfort of their own devices. Totten and Hammock (2014) identify that on most occasions, the ability to bring your own device allows employees to source the newest technology and avoid the two-pocket syndrome. This is a potentially nerve-damaging condition that occurs when a person sits on wallets or mobile phones for an extended time. BYOD is also critical for the organization, as it allows the company to save money on purchasing devices directly for its employees (Totten and Hammock, 2014). The burden is placed upon the employee to source and acquire the device for their use. By creating good working policies, the use of employee-owned devices can be critical in pushing the organization’s overall security to a better place.
BYOD and Organizational Security
Organizations are bound to face attacks on their networks and computer devices. It is incumbent on the organization to set up a working security framework that protects it from perpetual risks. The external hardiness of an organization is bound to be under continuous threat as the number of computer devices increases with the organization's growth. Libicki, Ablon and Webb (2015) identify that an organization's hardness depends on the number of computers it has, its ability to repel penetration by unauthorized persons, and the ability of each of its network-connected devices to resist penetration. This can be achieved through the creation of standard policies that adequately train employees on how to maintain safety on their devices.
BYOD can critically help address organizational security through the adoption of some of the more important security strategies on the use of personal devices at work and for pleasure. BYOD improves organizational security, as it determines which devices have access to which network and at what time (Totten and Hammock, 2014). Organizations can also restrict employee access to the whole system and limit it to certain applications and programs. This is more secure, as it allows an organization to concentrate its efforts on a specified number of sites. By creating an elaborate list of authorizations, the organization can better monitor its employees' actions and know exactly where an attack occurred.
In an organization with good, up-to-standard BYOD policies, employees work to mitigate attacks, as they are increasingly required to maintain a certain set of procedures. Libicki, Ablon and Webb (2015) identify that it is easy for the organization to determine and communicate new forms of monitoring to the employee, allowing it to have better control of how the device’s data is used. Totten and Hammock (2014) identify that on personal devices the employee is more likely to keep up to date with the latest software updates. This is more pronounced in the case of the millennial generation, where 84% of those in the workplace in the US and UK spent personal funds on upgrading to the latest software and newest devices.
BYOD reduces the costs of organizational surveillance and risk assessment and places them on the employee, relative to their access to the authorized system. This is only relative to the policies in place and their ability to increase the external hardiness of the organization. Libicki, Ablon and Webb (2015) identify that with good policies, external hardiness increases, and the organization and the employees who adopt the policies become less risk-averse. Liability shifts from the company to employee behaviour and competency in using a personal device for both work and pleasure. Employers can better manage security by determining which class of employees has access to the system network, application, program or database. Such device management policies allow the organization to reduce attack surfaces, since the external hardiness of an organization decreases as the number of computing devices with access to a network increases (Libicki, Ablon and Webb, 2015). This can be done by putting adequate data protection in place, which may require a strong password for the computer or lock the device automatically after extended idle periods. It can also allow employers to better designate which people can access work-related downloads and software.
What an effective BYOD policy should include (best practices)
An effective BYOD policy considers the scope, outlines the appropriate use of computing devices during work, addresses all cost and support issues, implements security protocols, trains employees on use, and provides for monitoring. There are numerous privacy violations that an organization might commit when monitoring and implementing security protocols, such as unauthorized exposure or erasure of an employee's personally identifiable information or personal health information. Totten and Hammock (2014) suggest that employers creating policies should consider HIPAA, the Computer Fraud and Abuse Act and the Stored Communications Act. If an employee's device is stolen and the employer performs a remote erase, the employer may end up erasing the employee's personal data and becoming liable.
A good BYOD policy creates separate partitions for work and personal data on the devices. Pavón (2013) identifies that BYOD may see “wild” apps that are impossible to regulate or control. As such, the scope establishes what the policy covers, the level of employment and the employees with access to the system, and defines which parties own what information. Applicable use identifies the regions of the servers, or which servers, an employee can access and to what extent. It also provides restrictions. Libicki, Ablon and Webb (2015) suggest this is important for reducing the attack surface exposed to external interference by third parties. Totten and Hammock (2014) suggest a need for the company to identify reimbursement and costs associated with the program to prevent unnecessary litigation. The policy also needs to establish whether the employer will provide critical IT support or whether support will depend on the employee. Security protocols consider the use of encryption and the strength of the encryption key; they also outline procedures for recovering or managing stolen or lost data, and provide processes for inspection and for the termination of an employee. Monitoring outlines the various violations and the process for employee device management and reporting on remote activities.
Steps to Implementing a BYOD Policy Successfully
1. Making a decision on whether BYOD will be appropriate for the organization. This will involve evaluating the various activities and the sensitivity of the data and of the organization's servers and systems/network.
2. Creation of adequate policy that considers employer and employee benefits.
3. Creating the scope necessary for the applicability of BYOD
4. Create a partition of company and personal data within the device.
5. Create a plan for encryption and protection of data
6. Set up a monitoring platform
7. Sign up employees into the program by offering training on the compliance.
8. Offer continuous implementation and updates based on feedback and monitoring reports.
Conclusion
BYOD is a policy that is increasingly becoming common practice within the business world. Organizations are recommended to create legally binding policies that allow employees to use their own devices, as adopting a BYOD policy has been cited as more flexible and freedom-oriented. BYOD reduces costs for the organization, introduces best practice, limits the scope of access, and defines the procedures for access and data management necessary for limiting the organizational attack surface.
References
Libicki, M., Ablon, L., & Webb, T. (2015). A Heuristic Cybersecurity Model. In The Defender’s Dilemma: Charting a Course Toward Cybersecurity (pp. 61-98). Santa Monica, Calif.: RAND Corporation. Retrieved October 24, 2020, from http://www.jstor.org.sbcc.idm.oclc.org/stable/10.7249/j.ctt15r3x78.13
Pavón, P. (2013). Risky Business: “Bring-Your-Own-Device” and Your Company. Business Law Today, 1-3. Retrieved October 24, 2020, from http://www.jstor.org.sbcc.idm.oclc.org/stable/businesslawtoday.2013.09.01
Totten, J., & Hammock, M. (2014). Personal Electronic Devices in the Workplace: Balancing Interests in a BYOD World. ABA Journal of Labor & Employment Law, 30(1), 27-45. Retrieved October 24, 2020, from http://www.jstor.org.sbcc.idm.oclc.org/stable/43489455
Rajendra, R. (2014). Employee-Owned Devices, Social Media, and the NLRA. ABA Journal of Labor & Employment Law, 30(1), 47-71. Retrieved October 24, 2020, from http://www.jstor.org.sbcc.idm.oclc.org/stable/43489456