B.Y.O.D

Forensic Accounting


By Lindsay Gill

October 4, 2013

“Bring your own device,” or “B.Y.O.D,” is a concept that an increasing number of companies are implementing.  B.Y.O.D allows employees to use their personally-owned devices in the work place. These devices can range from laptops and tablets to cell phones and flash drives. While B.Y.O.D may be a good plan in theory – employees can work with devices they are comfortable using – It is important for employers to thoroughly consider the implications and potential pitfalls before implementing a B.Y.O.D policy.  Consider, for example, the following key areas regarding the security of corporate information and infrastructure:

Network security: When an employee connects their personal device to the corporate network, they are exposing the company to many risks, including the potential for a virus to enter the corporate network.

Corporate information: The security of confidential corporate information may be at risk with B.Y.O.D.  An electronic device connected to the corporate network could be used to capture key corporate information that may be removed from the company.

Employee understanding: There should be a clear agreement between the company and the employee regarding B.Y.O.D. Many companies allow employees to purchase and use their own cell phones for business communications but don’t allow personal computers to connect to the network. When you consider that today’s cellphones are little more than small computers, often with access to the same information that can accessed from a laptop, such a policy can provide a false sense of security. For this reason, many companies limit cell phone access to corporate email.

Device security: Corporate policy should include a requirement that cell phones be password protected.  Many cell phones now have the capability to be remotely wiped, which can aid in protecting corporate information on personal devices if lost or stolen.

Policies and procedures: The key to a successful B.Y.O.D program is a well-documented and enforced corporate policy – one that is in place before the first employee-owned device connects to the network. These policies should include consideration of:

  • A list of approved devices
  • What data may be accessed from a personal device
  • Whether data may be downloaded to a personal device
  • Who is responsible for securing the device
  • Who will provide technical support for the device
  • What the expectation of privacy is as it relates to B.Y.O.D in the workplace
  • What steps must be taken when an employee leaves the company

It is important that these polices not be written once and set on the shelf never to be changed.  B.Y.O.D policies will need to be revisited often to ensure that they are reflective of the current trends in technology.