The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/588021
WWW.ILTANET.ORG 21 BYOD safely or the IT manpower to handle a flood of support calls for a wide range of devices might limit how quickly it can safely implement a BYOD policy and determine which devices or IT services will be available to employees. While switching to a BYOD policy might save corporations money in the long run, the savings that come with making the switch should be seen as part of a company's return on investment, not as a quick financial fix. Plan: Once the broad framework is built, it is time to finalize the details of the policy. From Android and Apple phones to tablets and wearables, defining exactly what is meant by "bring your own device" is critical. Companies should be device-specific, or limit the devices, and establish a clear service policy for the list of approved BYOD devices. BYOD policies can be expansive or narrow, from allowing employees to use any device they choose, including smartwatches and other unique devices, to limiting BYOD coverage exclusively to smartphones. Companies will need to decide where they want to fall on the spectrum by specifying which devices they will support and what corporate- issued devices they will continue to provide, if any. If corporations have the resources and technical support to track and service multiple devices per user, learning how to manage and monitor data securely across those devices becomes an additional concern. As a possible solution, some companies keep a registry (via an identity system or a change and configuration management database) of connected devices and their users, allowing the company to audit their network regularly to detect unauthorized connections and resource usage. In the midst of planning the functional aspects of a policy, it is equally important to address employee exit strategies. The BYOD policy should reference a company's separated employee process and vice versa. Depending on each company's security needs, some might feel content with disabling email or synchronization access; some might want to require a complete "exit wipe" of the device. Both methods can be finalized before the employee's exit interview. Implement: Many security companies predict that personal devices in the workplace will be the next victims of corporate hacks. Specify what kinds of corporate data may be accessed on which devices and implement mobile device, data and app security measures in your BYOD policy to help prevent a data breach and protect company data and confidentiality. Many security companies predict that personal devices in the workplace will be the next victims of corporate hacks.