Bring-Your-Own-Device Policies: The Challenges of Standardization
An article published in the International Journal of Information Management stated that many employees use their own devices at work regardless of whether or not their employer specifically allows them to do so. The authors pointed to multiple studies and surveys explaining that many managers do not have established BYOD policies or do not enforce those requiring the use of company devices.
The need for standardization in BYOD policies
The International Journal of Information Management article found that many companies lack standardized BYOD policies or are lax with enforcement.
Standardized policies, if enforced, bring three advantages:
- Ensuring proper security systems and procedures for personal devices
- Maintaining consistent practices across the entire company
- Verifying that devices are compatible with company applications, software and services
For instance, a BYOD policy may require password-protecting a smartphone and partitioning work-related applications. The company may also require device tracking, automatic backups to the cloud and the ability to lock or wipe the device if it gets stolen or lost.
Most facilities have many designated procedures — for everything from physical lockout tagout devices, like breaker lockouts or lockout padlocks, to maintenance and minor servicing procedures and labeling hazardous chemicals. Technology and devices are no different. Outlining clear procedures and best practices for employees is a vital part of creating a successful BYOD policy.
Device diversity challenge
Devices and operating systems may have different security features and unique vulnerabilities. These differences can make standardized security practices challenging. Based on the studies cited in the International Journal of Information Management, such complexities often lead to managers simply ignoring or not enforcing BYOD policies.
For example, Android and iOS phones have vulnerabilities and require different approaches to ensure security. Companies can require specific software or applications on workers’ personal devices, such as mandatory threat-detection software, as a condition of complying with the BYOD policy. If the phone does not have these required programs, the employee won’t be able to access company email, documents or safety applications.
Maintaining data security
Data compromises are front of mind for many companies. 2021 saw a record 1,862 data breaches, with 1,802 the following year. The biggest breach, which involved Twitter, exposed varying levels of data from 221 million people.
Data thieves often exploit weak links to access a company's databases. Many obtain login credentials or gain access using employee devices without proper security applications or on unsecured public Wi-Fi networks.
BYOD policies can address this issue by requiring security applications and virtual private networks (VPNs) to secure connections when the user is on a public network.
Network and infrastructure management
The BYOD trend creates challenges for network administrators. The most common issue is identifying devices and users and ensuring each phone or computer has the necessary systems to safely access the network without compromising its security.
Another challenge is scalability. One of the advantages of BYOD is that it allows for flexible access. However, this means traffic and usage could be unpredictable. A network and servers set up for standard in-office activity may become strained by remote users performing data-intensive tasks.
Network administrators can manage device onboarding to ensure the network recognizes employee devices. Meanwhile, network architects can create an infrastructure capable of handling usage spikes.
Consistent user experience
Consistency is essential for employees whether they use company-issued equipment or their own devices. Slow connections, confusing user interfaces or an inability to access certain applications or cloud-based tools from some devices can negatively impact performance.
These problems can also hamper efforts to reduce human error, as workers take shortcuts or use third-party applications because approved company software is inaccessible.
The best way to ensure a consistent user experience is to create a BYOD policy with specific device requirements. Employees need phones or laptops with the speed, memory and functions necessary to use mobile and desktop versions of company software.
Software licensing and application compatibility
Business software providers like Microsoft license products to companies. Often, these agreements specify the number of users or devices. These contracts can be quite challenging to implement now that each employee expects access to the software from several devices.
For almost all BYOD scenarios, per-user licenses are the better option. However, you need to ensure each user understands the device requirements and meets them when using their phone, computer or tablet.
Balancing employee privacy and company security
Employee privacy is a complex subject, especially when it comes to personal devices. Employers are usually within their rights to monitor employees' web traffic and computer use when they are working. However, employees can argue that they have a reasonable expectation of privacy for personal items, such as the contents of a purse or wallet. They may include the contents of a phone or hard drive in this category.
The challenge comes when companies want to ensure data security, but employees do not want their personal devices audited for compliance because they have photos, files or apps for personal use.
The BYOD policy needs to set reasonable expectations for privacy and require steps, such as partitioning personal and work-related memory on the phone, to enhance data security.
Training and support challenges
BYOD can bring compatibility issues. Even if these are solved by creating clear device requirements, the diversity of devices and operating systems can make onboarding new employees and training them to safely use the applications or software challenging.
IT staff may also struggle to provide support for important applications because of the differences between devices and operating systems.
Developing a standardized BYOD policy
A standardized BYOD policy provides guidelines that employees need to follow if they want to use their own devices for work.
First, a company needs to make device requirements clear so that employees can decide which of their personal tech products to use for work. Second, the employer needs to clearly outline security requirements, such as ensuring a secure connection and using firewalls and antivirus tools on each device.
Any privacy considerations, support, training requirements and access rules should also be put in writing so that the company and employees can reference them as needed.