BYOD: Advantages, Disadvantages & Best Practices for Small Businesses

Allowing employees to access business data on a personally-owned device is a risky strategy, so the decision to adopt a BYOD policy shouldn’t be taken lightly if cyber security is a priority for your business. Before you implement a BYOD policy in your organisation, planning for the potential hurdles is crucial. But first…

Advantages of BYOD

Is your business ready to realise the advantages of BYOD in the workplace?

Reduced IT costs: With staff using their own devices to complete projects, IT costs for employers go down.

Remote working: With the flexibility to access work files from anywhere, anytime using their personally-owned devices, employees will have much greater freedom than a traditional office desktop setup can offer.

Familiarity: Getting to grips with new operating systems takes time. BYOD ensures staff members are comfortable and confident with their own devices and reduces the risk of user errors.

Disadvantages of BYOD

Device usability: Some Mobile Device Management tools used to remotely manage personally-owned devices can slow down devices, making employees reluctant to use their own devices.

Security: Steps must be taken to ensure the level of security of personally-owned devices matches the needs of your business. Companies must take steps to prevent staff from losing, stealing, or inadvertently compromising data.

Managing multiple operating systems: Managing multiple devices means monitoring and maintaining several operating systems. Keeping up to date with maintenance often requires additional IT support to be employed.

Don’t be discouraged. BYOD disadvantages can be avoided by following BYOD best practices.

BYOD Best Practices: Dos and Don’ts

In August of 2016 the National Cyber Security Centre (NCSC) released an updated executive summary of the key aspects for organisations to take into account when considering a BYOD approach. Below, we have included an overview of the key points outlined in the summary. You can download the entire document here.

Understand the legal issues

It’s important to be aware that the legal responsibility for protecting personal information doesn’t lie with the device owner, it lies with the data controller. As a result, you must be aware of the laws relating to the safeguarding of your business data, including:

The Data Protection Act (DPA): According to the DPA, “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

The Information Commissioner’s Office (ICO) is the UK’s independent authority established to uphold information rights in the public interest, promote openness by public bodies and data privacy for individuals. Their website includes plenty of advice relating to information security and outlines the following basic steps your business will need to take to prevent data being compromised:

• Design and organise your security to fit the nature of the personal data you hold and the harm that may result from a security breach.
• Be clear about who in your organisation is responsible for ensuring information security.
• Make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff; and
• Be ready to respond to any breach of security swiftly and effectively.

The Employment Practices Code: This code relates to the impact of data protection laws on the employee relationship, and requires that employees are given a certain amount of privacy in the workplace.

The ICO have released a handy quick guide to the employment practices code to help you ensure that your small business stays on the right side of the law.

Read the full article at GreenCloudHosting.co.uk.