BYOD – The New NormGerald Trites, FCA, CPA
At one time, companies refused to allow employees to use their own computers for business purposes. They argued that personal computers were not safe; that they operated outside the web of security painstakingly put up for the company and that they would endanger corporate information and transmit viruses to the corporate systems.
It’s interesting to note that they were right. All of these dangers were real. But how things have changed! Now, many companies are not only allowing people to bring in their own computer type devices, they are in some cases even encouraging it. And they are developing policies to accommodate this phenomenon – Bring Your Own Device (BYOD) policies.
For the most part, it’s the changes in technology that brought about this change. The world of computers has been shaken up by the advent of smart phones and tablets. Whereas previously people relied on their PC’s and laptops, now a great many rely on their smartphones and tablets. They have easy connectivity to WiFi and the Internet and have come to expect to maintain this connectivity during their workday.
The internet has become as much a part of life as heating, air conditioning and the telephone. It’s not practical for companies to try to parallel these systems, so they have little choice but to embrace the privately owned devices.
BYOD Policies are heavily motivated by security and privacy. Most of the newer smartphones and tablets do have some security features, and these can be used as part of the overall security strategy. Then there is the question of whether encryption of the devices will be a requirement. The concern is to protect the data and the private information of the individual and the company. Some companies require that do data be downloaded to mobile devices. Rather the data must be kept on company servers or on the cloud. Security and privacy is something that needs to be managed, so the infrastructure for such management needs to be established in the BYOD policy.
Many companies find that it is all but impossible to set and enforce password policies for private mobile devices. The usual approach is to require a four number password. People often don’t even want this much security. But it is extremely easy to break four number passwords. It can be done with software in a matter of seconds. So that`s why many companies just prohibit the downloading of data into the devices, which can be done by establishing policies for trusted and non-trusted devices and allowing downloads only to trusted devices.
All of the policies that would be covered in a standard user policy would be covered in a BYOD policy. Changes need to be made to accommodate the peculiarities of mobile devices, but the principles are much the same. And these days, most companies need a BYOD policy.
Posted: October 4th, 2012 under General.