With mobile devices being as popular as they are, so ingrained into modern culture, the fact of the matter is that your employees are going to have them in the workplace. They may even want to use them in a work capacity. This can provide a few benefits to a business, as long as it is managed properly. A carefully-crafted mobile device policy can help accomplish this.
Here, we’ll go into what your mobile device policy needs to cover, if you are considering integrating one or revisiting the one you currently have.
Due to its extreme importance to your business and its success, security seems to be an appropriate place to start. There are many guidelines that you should enforce among your staff in exchange for the ability to use their own device to not only protect your operations, but also to help prevent these devices from threatening your organizational productivity. For instance, it is probably a good idea to include the following:
- All devices must be password-protected in accordance with your company’s password policies and guidelines and set to lock if left idle for a given amount of time.
- Employees are unable to install any applications that are not approved by the company.
- Any devices not included in the acceptable list, or that are not a part of a BYOD policy (i.e., are exclusively for personal use) may not connect to the network.
- Any device may be wiped if it is misplaced, if the owner leaves the company, or a potential threat is detected by IT.
Of course, this is not a comprehensive list (as none of our examples will be), but it is a good starting point to help you establish your mobile-based policies.
Liabilities, Risks, and Disclaimers
On the topic of security, you will want to make sure that you are not only protecting yourself against external threats, but also the ones that can influence your internal productivity or are sourced from within your business. In other words, you need to cover your butt. This can be (at least partially) accomplished by including a few items in your policy:
- Any lost or stolen devices need to be reported to IT within 24 hours, with the mobile carrier notified immediately.
- By using their mobile device, an employee consents to the company’s acceptable use policy and adheres to it.
- Any mobile device is subject to being disconnected from the network or have its services disabled without notice.
- Should a device need to be remotely wiped to protect company data, IT will make every effort to protect the user’s data from being lost. However, the company’s security will come first, which means that users need to take their own backups.
It is important to put all of these policies in writing to establish precedence.
Your mobile device policy should create clear guidelines for how your employees are to use their personal devices in the workplace, or out of it for work purposes. Many of these are largely up to your discretion, while others tie back into security and are strongly recommended. This is why you will want to include things like:
- Clear definitions of acceptable business use and acceptable personal use on company time, as well as what actions are forbidden at any time (such as storing illicit materials or harassing others).
- A list of the business resources that employees can access via their mobile devices.
- Approved and disapproved applications – including those acquired outside of Google Play or iTunes.
- Which websites cannot be accessed through the corporate network.
Again, this has been a very brief selection of points for your mobile device policy to cover. For more assistance designing, implementing, and enforcing it, reach out to the pros at Reciprocal Technologies.