Is A Bring Your Own Device Policy Right For You?

A Bring Your Own Device (BYOD) policy is a set of rules that apply to an employees using their personal phone, tablet or computer for work purposes.

There are a number of reasons why companies would choose to implement a BYOD policy over assigning company issue technology. But for rail contractors in particular there are certain risks and considerations to be addressed.

In our previous blog, we summarised the particular cybersecurity risks faced by rail contractors:

• A mobile workforce means networks may not be secure
• Sharing data across multiple, general use communication platforms such as WhatsApp
• Sharing data with external companies [Clients and stakeholders]
• Personnel changes and subcontractors

A comprehensive BYOD policy can help circumvent some of these issues.

Is BYOD Right For You?

Pros

• Cost saving: Allowing employees to use their own devices eliminates the cost of purchasing and replacing new technology for them. Generally, people like to keep up with the latest technology and are likely to take better care of a personal device because the burden of repair costs is on them.
• Device preference: Be it Android or iPhone, mobile or tablet, everyone can use the devices they know and feel comfortable with. With no learning curve, workers are ready to get started straight away. The result can be less pushback when it comes to adopting digital processes. 
• Satisfaction: Simply by allowing employees to use their own devices you can boost their morale. They respect their ability to choose, be flexible with devices and responsible for their own technology.

Cons

• IT support: IT support cannot be standardized if everyone has a different device. Custom software may not work on all devices, they may not be kept up to date and the IT team could face pressure to learn all new systems or fix non-work-related issues. A standardised device rollout means that IT support can be more efficient and agile.
• Security risks: It is more difficult to govern how employees use their own devices which opens you up to increased security risk. Workers will be accessing and transferring sensitive data, using a range of sites and networks. You need a set procedure to ensure your information is kept secure and can be reclaimed when employees leave for pastures new.

So, there may be less cons to BYOD by number alone, but the potential impact is catastrophic. It’s important to consider these risks so that you can create a policy to alleviate them.

If you do decide to adopt BYOD there are a number of measures that you need to take to make it successful.

What To Include In A Successful BYOD Policy

A Clear Specification Of Acceptable Devices

You may need to limit your policy to certain devices so that the IT support, maintenance and software requirements are manageable. Create a list of which devices are ok and which are not, taking your employees’ needs into account. If the majority of your workforce own one device or model, it would make sense to incorporate that into the list.

A Device Security Policy

You should have a set of minimum requirements for employees to keep their device secure. This might include:

• Strong passwords and recognition scanning 
• Antivirus software
• Regular software updates

The burden of responsibility is with you as well as them. Any apps you provide should have two-factor authentication and the ability to be deleted remotely. If your workers are not willing to implement these measures, a BYOD policy is not for them. They should also be required to attend yearly cybersecurity training, with a clear understanding of the risks of an information breach.

A Service Policy

It’s important to make clear what your company will take responsibility for and what it will not. If you’re not careful, you might find your IT team becomes less like a business function and more like a personal support system, helping employees with their own queries.

Your service policy should cover:

• What IT can help with.
• Who is responsible for repair costs.
• Whether the company will provide loan devices when a personal one is being repaired or replaced.
• Data reimbursement if usage is required above their standard contract.

Consider Your Employees’ Personal Data

The privacy of your company data is not the only concern: you should prioritise your workers’ privacy too. Your involvement in their device management and usage should never include copying or storing personal data including locations, apps and passwords.

Being open and transparent about your data privacy policy will result in more buy in and trust from employees.

An Exit Strategy

One of the main differences between a BYOD policy and company issue is that when someone leaves, they take their device with them. At that point you need to remove their access to company information, business email and apps.

There are a few ways to do this:

• Check all apps and logins are removed before the employee leaves
• Change all passwords and remove access permissions
• Disable the company email address

With these requirements clearly laid out, both you and your employees know what to expect when the time comes to part ways.

A Compliance Monitoring Process

Finally, your BYOD workforce needs to managed. Simply having a set of policies is not enough - you need a process to regularly check compliance and remind employees of their obligations.

In conclusion, implementing a Bring Your Own Device (BYOD) policy can offer various benefits, including cost savings, device preference, and increased employee satisfaction.

However, it also comes with certain drawbacks, such as IT support challenges and security risks.

To make a BYOD policy successful, companies must create a comprehensive plan that includes a clear specification of acceptable devices, device security policy, service policy, consideration of employees' personal data, exit strategy, and a compliance monitoring process.

By doing so, companies can ensure that their BYOD policy is effective and secure.

Rail contractors, in particular, must be aware of the specific cybersecurity risks they face and take appropriate measures to protect themselves.

If you are looking for a data analysis app that can securely store your data in a centralized location, Raildiary can provide you with a solution.

‍