Employee devices, use and safeguards4.04.2017
It is increasingly common for staff to have personal mobile devices which they can and do use for business purposes. This has many benefits with regard to flexibility, but the use of such devices gives rise to an increased risk in terms of companies’ security for the protection of confidential and proprietary information.
It is important that companies who want to embrace this make sure there are adequate safeguards and controls in place to ensure that any risks from misuse are kept to a minimum. There are policies that can be put in place covering this which deal with the use of the device both in and out of the workplace.
It is important that any policy makes it clear what behaviour is expected of the employee and the consequences of failing to meet those requirements in terms of disciplinary action.
Any devices which are being used should be approved by the company’s IT dept. Arrangements should be reviewed regularly
and should be capable of being revoked if the device is being used in a way that could put the business or indeed the information that the business holds at risk. As with any policy it is essential that the policy is monitored and revised at least annually so that it is not only a statement of what should happen in a business but is a statement of what does happen.
Staff should also be aware that they should have no expectation of privacy concerning any data on the device of merits as monitoring and reviewing will be carried out as permitted by law.
Employees should also be made aware that they must use their best efforts to physically secure the device against loss or theft and that they keep any antivirus or anti malware software up to date. Only approved applications and software should be installed on the device. It is important that staff are aware that only they should be using the device not friends, family or associates. It is generally considered good practice to ensure the employee signs a declaration confirming they have read and understand any BYOD policy and that they agree to be bound by the terms.