There are few things in this world that can cause an IT manager’s blood pressure level to spike faster than the thought of giving every employee permission to connect to the company’s network with their personal devices. But that's the reason for a company's Bring Your Own Devices policy, otherwise known as BYOD.

Beyond the nightmares of delivering the bandwidth needed to accommodate every device, there is also the ever-looming threat of potentially massive data breaches and ransomware attacks.

The National Health Service (NHS) in the UK suffered from the infamous WannaCry ransomware attack in 2017. Even though a “kill switch” to stop the spread of the malware was discovered a few hours after the first reported case, up to 70,000 devices were infected. Although no ransom was said to have been paid, it is reported to have cost the NHS £92 million in disruption to services and IT upgrades.¹ 

These security risks and the amount of time it takes to implement a BYOD policy are just a part of the reason why many companies don’t already have a policy in place. But with the proliferation of smart devices in the workplace, having one might help your employees be more productive.

Before you start down the road of figuring how to implement one, you should first figure out if it makes sense to implement one in the first place.

Here are the things you should consider first.

Can Your IT Team Manage It?
How Will Employees Use Their Devices?
Will Employees Need To Upgrade Their Devices?
Are You Prepared For Budget Changes?
How Will You Mitigate Data Loss?
How Will You Manage Licensing and Potential Legal Issues?
What If No One’s Ready For It?

Download: The (Surprisingly Painless) Guide to BYOD

Can Your IT Team Manage It?
Giving your employees the ability to bring in their own devices increases the amount of risk your network will face. It will become vital that you keep security measures and policies in check.

That includes keeping network infrastructure equipment such as access points and switches up to date with the latest firmware and patches, as well as the relevant network configuration and management to ensure segregation of network traffic where appropriate. All of which means more workload for your IT team.

If you have the internal IT resources, it may be possible to implement an adequate BYOD policy. However, if multiple sites are involved, even larger IT teams can find it challenging. Cloud-managed network solutions can simplify deployment and management greatly. It allows the deployment of network equipment without technical personnel, as well as centralised monitoring and management of the entire network. Alternatively, managed service providers (MSPs) can help to configure and monitor networks and define BYOD policies, at a recurring cost. 

How Will Employees Use Their Devices?
Company computers and smartphones are often protected with administrative rights when it comes to what programmes and apps can be installed. They are often pre-installed with adequate anti-virus protection. This not always the case with personal devices.

People are using their phones more and more to access the internet. And, because of that, hackers are attacking phones more than any other device, meaning allowing personal smartphones to connect to the office wireless could open your network to more phishing, malware, and data leaks. What’s more, is that employees might not even have to click the now. Hackers can now simulate ghost taps on your phone and execute actions without your knowledge, making security even more important.

The good news, though, is that giving employees the opportunity to use their phones might help them be more productive. Sometimes, employee devices are more up-to-date than company devices, potentially making them faster and more secure. It also means employees might be more familiar with them or using them for work even when they’re not at the office.

Will Employees Need To Upgrade Their Devices?
As we mentioned before, you’ll need to maintain security and compliance when you implement a BYOD policy. Therefore, there may be a case to only allow devices running certain operating systems to connect to the company network. Because of this, employees with older devices might be at a disadvantage for two reasons:

• The first is that older devices, such as phones and tablets, might not perform as well on the network, thus possibly making them less productive.

• The second is that older devices are less secure, either because they’re no longer receiving updates or because they run technology and software that’s more susceptible to hacking.

Either way, your employees might be forced into a tough position where they have to spend more of their money in order to meet the criteria to use their own device in the workplace.

Are You Prepared For Budget Changes?
Your network needs can change for many reasons, including company expansion and growth or slow periods and declining growth.

If you implement a BYOD policy, you’ll need to know that you can respond to shifts in bandwidth needs and new initiatives—even if they aren’t a part of the BYOD policy—such as implementing cloud-based applications or new video-conferencing software.

If you’re using managed-services, you’ll need to know whether or not you can add more bandwidth as needed and whether or not you can adjust to potential cost increases by your managed service provider.

While it might be a difficult and tedious process to set up a BYOD policy, it could also be costly and time-consuming to take it down.

How Will You Mitigate Data Loss?
Employees who use their devices to work will end up storing company files on them. These could include emails, presentations, technical documents, financial records and business contract. Before you give employees the option to use their devices to conduct work and store company files, you need to consider all of the risks to your data and theirs.

Beyond security leaks, hacked databases, malware, phishing, and more, how will you navigate collecting all of that data when an employee leaves or their device is damaged or lost?

Some of this can be mitigated through Enterprise Mobile Management (EMM) or Mobile Device Management (MDM) software. However, they add to the total cost and complexity of your network.

They store information in containers that help separate company data from personal data, such as pictures and contacts. And you can use them to remotely back up and delete company information from their phone when they leave while leaving their personal information intact. 

Either way, before you start down the BYOD road, you’ll need to figure out the best way to wipe company data from personal devices without capturing or deleting their personal data.

How Will You Manage Licensing and Potential Legal Issues?
Many companies license software, hardware, and more to complete work. But what happens if someone uses those services for personal projects and those projects violate the terms and conditions of the license or directly compete with your business?

If someone downloads, streams, or shares trademarked, copyrighted, or illegal content using their mobile device, but through software or a service that your company licenses, who’s ultimately responsible for any potential legal ramifications?

These are serious issues that need to be addressed before you start. It might even be an issue you need to, or have already, addressed for company-owned devices.

However, if it’s a road you and your staff would rather not travel down, then it’s best not to get involved in a BYOD policy at all.

What If No One’s Ready For It?
With all of this said, there’s still the possibility that employees don’t want a BYOD policy. But maybe they still want to use the Wi-Fi at work to connect their devices?

There are ways to solve this, including setting up a separate network that allows for connecting personal devices but doesn’t provide access to company assets or material. Or maybe you set up a BYOD policy that only allows access to specific apps and services.

At the end of the day, some employees might not want to give up their privacy, even if there are benefits to using their devices at work. Or they might even consider it a benefit.

Whatever you decide, make sure you’re confident with your decision. And, if you are ready to take the next step, we have a guide that can help you plan and prepare for it.

^{1 https://www.hsj.co.uk/technology-and-innovation/cyber-attack-cost-nhs-92m--dhsc/7023560.article}