Beware of the Big Bad BYOD…

More flexible working patterns and improved communication networks have led to a boom in “Bring Your Own Device” (BYOD). This is where staff use their own laptops, smartphones and tablets to carry out their work duties. There are undoubtedly positive aspects to BYOD for both employers and employees in that it helps to create a better work/life balance, whilst simultaneously cutting costs when it comes to overheads.

However, employers should beware of the possible pitfalls, in particular the security threats. BYOD has created headaches for IT departments which need to control access to organisational data and limit the danger of viruses and malware. Furthermore, the legal responsibility for protecting personal information lies with the data controller; this is likely to be the employer, not the device owner. The last thing you want is to be faced with a potential fine by the Information Commissioner of up to £500K for a breach of the Data Protection Act and the adverse publicity that generates.

To assist organisations, the Government’s Communications-Electronics Security Group has produced guidance on data protection issues and security risks. In line with this guidance, our tips are that all employers should:

1. Consult staff and consider what devices they use. Get input from different levels of seniority to find out their needs. Understand the way in which members of staff use devices for business purposes. You may wish to give staff the chance to choose a device from an approved selection.
2. Draft a BYOD Policy and security procedures. Control network use, encrypt organisational data and reserve the right to shut down or wipe devices that become a security risk or on termination of employment. This could include a remote wipe feature. Procedures should be put in place to ensure that security incidents are responded to quickly.
3. Consider using a cloud-based communications system. This will reduce concerns over security of content accessed on individual devices.
4. Be flexible on whether you introduce a universal BYOD program or have a mix of personal and corporate devices. It may depend on the nature of your data and how sensitive it is.
5. Increase IT Support and train staff. Increased device support should be anticipated so that a greater number of device types can be handled. Train staff on the policies and procedures introduced to create a safe way forward.
6. Get signed agreements from all staff and monitor compliance. This will be valuable to protect the organisation from any data loss, reputation loss and/or legal action resulting from lost or leaked information or to determine rights over the data upon termination of employment. Check with your IT provider to review staff compliance and any data issues.

If your staff use their own devices for work, let us know if you’d like us to draft an appropriate policy which provides you with the security and flexibility that you require.
