Most experts agree that having a BYOD (bring your own device) program is inevitable — users will either have personal devices approved by IT, or they’ll find ways around IT’s controls and use those gadgets anyway. Therefore, organizations are better off having a BYOD policy in place so there’s some level of control.
But one problem is that IT consumerization is a new concept, and many companies are still experimenting with the best ways to create and enforce rules about personal devices. Here are five of the most common BYOD policy mistakes companies make:
1. Assuming official app stores are always safe
One common BYOD security rule is that users should install applications only from their mobile platform’s official app store, to avoid accidentally loading malware onto the device. However, even those app stores may not be completely free of malicious apps. For example, researchers have found malware available in Google Play, the official Android app store. Companies may choose to approve all app downloads beforehand, blacklist some apps, or simply offer users advice on choosing trustworthy apps, but blindly trusting everything in an app store probably isn’t a good idea.
2. Invading users’ privacy
Though IT departments often lean toward greater control and monitoring than many users wish, even IT pros are wary of crossing too many lines when it comes to personal devices, according to a recent survey from security firm Moka5. Among the 335 IT employees surveyed, 77% said their organization’s approach to mobile device management is too intrusive on users’ privacy. To avoid potential legal issues, companies should limit their level of access to what’s necessary and warn users about what control the company will have over the device and what monitoring it will do.
3. Leaving support procedures up to users
When people start using personal smartphones or tablets for work, many of them start to expect their company’s IT department to provide tech support for those devices. That’s fine if the department is ready and able to handle those requests, but for some it can be a big problem. Companies may want to clarify in their BYOD policies when it’s OK to contact the company help desk.
4. Paying unnecessary expenses
Companies have a few options when it comes to paying phone bills in a BYOD program — they can make users responsible for the costs, pay the bill themselves, or reimburse employees for some or all of their work-related mobile expenses. If the latter two methods are used, the company should enforce a BYOD policy clearly outlining what expenses will be covered. According to one study, companies waste an average of $100,000 a year by covering unnecessary cellular expenses such as the costs of downloaded ring tones, charges for going over messaging and data plans, and charges for toll calls and messaging.
5. Failing to enforce compliance with the BYOD policy
Of course, policies don’t usually do much good if there’s no way to enforce or monitor compliance, so IT must have a way to make sure people aren’t using a personal device without following the company’s BYOD policy. Probably the best way to do that is to block access to the organization’s network and email servers for devices that don’t meet certain requirements, such as having a mobile device management application installed. Email especially is an important tool for ensuring compliance, because that’s often the primary work-related task people do with their personal smartphones.