3 reasons users break BYOD policies (and what you can do to stop it)

ThinkstockPhotos-485076865

Hopefully, your organization is among the many that have implemented BYOD policies explaining what users can and can’t do with corporate info on mobile devices. And more than likely, you’ve had your fair share of of users who have broken the policy. 

After going through so much trouble to craft BYOD policies that comply with the law and best practices, there’s nothing more frustrating than finding out those policies have been tossed by the wayside. But there may be some very easy steps you can take to prevent that from happening.

Here are three reasons your users may be feeling tempted to ignore perfectly sound policies that keep your data – and theirs – safe.

1. They don’t know your policies well enough.

Many users will sign off on any policy or document that you put in front of them. They assume it’s the cost of doing business.

But BYOD isn’t the same as code of conduct or even data storage policies. It’s optional.

Make sure that BYOD is an opt-in: Users should be told what they’re signing up for, and what it will mine from IT’s standpoint and theirs.

If they’re OK with the trade-offs or requirements, then have them sign. And give one final reminder that it can be voided from either side if you choose.

Hint: You may want to offer a BYOD-lite policy. This could be something that grants users the ability to do some things or use some apps on their personal devices, but doesn’t grant the same access or restrictions that they would have under the full policy.

2. They find the policy too cumbersome.

One of the best ways to get users to ignore or violate security restrictions is to have these policies get in the way of doing their jobs.

Even if users know what they’re signing up for when they sign the BYOD policy, if your policies are too restrictive or add too many steps, users are going to work around them. And if a technical security solution slows down their phones or causes glitches, you can forget about them sticking with it.

That makes selecting the right mobile device management or mobile security solution crucial.

A good solution is one that adds protection while running in the background, not creating obstacles or frustration for the user. Make sure that your policies make sense for protecting data, but also that they are something users would realistically stick to.

3. They can’t be trusted.

Insider threats, whether they’re from intentionally malicious or dangerously inattentive users are a top security concern.

If you notice users exhibiting troubling behavior, remind them their BYOD privileges can and will be revoked unless they shape up.

The biggest way you can undone by BYOD may not be having bad policies on the books. It may be not enforcing the good ones.