The consumerization of IT has had far-reaching impact. Employees increasingly desire to utilize their favored devices – whether Mac, PC laptop, iPhone, Android, or whatever else may come. As a result, enterprises have created mobile applications which often enable simple and better-to-manage solutions in many instances for business owners. There are a number of reasons why BYOD is important, including:

• Improved employee productivity. Employees who have the ability to use a favored, familiar device are likely to be more productive than those who are forced to learn the ins and outs of unfamiliar equipment. More importantly, employees find it easier to work from home or other locations when they do not have to switch devices. 
• Device cost savings. More BYOD translates to fewer company assets to issue, track, manage, repair, upgrade, and maintain. 
• Simplified onboarding and offboarding. BYOD MDM tools can enable or disable company network access without the need to modify the BYOD device.
• Better employee relations.  Employees with BYOD devices feel more in control of their environment, are often more productive when they feel empowered with BYOD and are more apt to work remotely when they can use the same device.
• BYOD as perk. For many employees, BYOD demonstrates the company is forward-thinking and tech-savvy. Most employees receive some reimbursement for using their BYOD devices, since organizations see substantial savings by not having to purchase and maintain those devices.
  

There are a number of modes of BYOD operation. First, the organization should establish security policies for every device since weak passwords and unsecured devices can lead to data loss. BYOD polices should establish:

• Minimum security controls including data encryption and password strength
• What type of enterprise data can be stored on local devices (if any)
• Whether timeout controls and auto-lock features will be enforced
• Which mobile device security or mobile data management (MDM) software must be installed on BYOD devices, if any.
• Whether the organization is authorized to remotely wipe the device of business information if lost, if employment is terminated, or if a policy breach is detected

A business’ level of security procedures will depend on the type of organization; for example finance or healthcare organizations require higher levels of security than a small start-up web design firm.Once security policies are established, organizations should define acceptable usage guidelines to determine how BYOD devices may be used during the course of business activities. This will help prevent malware or viruses from gaining access through unsecured websites and applications. These policies should cover

• Acceptable applications for employees to access from personal devices, with a clear delineation of the types of applications acceptable – and those that are not.
• Which websites are off-limits while connected to enterprise resources, corporate network or VPN.
• Which enterprise applications and data can be accessed from user devices; i.e. email, calendar, messaging, contacts, etc.
• Storing and transmission of illicit material, or utilizing devices for other outside business activities from personal devices

Polices should be enforced through the use of BYOD MDM software, which enables monitoring, managing, and configuring BYOD and employer-owned devices from a single central dashboard. Typical MDM functionality for BYOD includes

• Automatic scans of BYOD devices for threats, including blocking dangerous applications from the corporate network
• Pushing anti-malware updates to devices and ensuring its installation
• Remote installation of updates and patches to OS and applications
• Security policy enforcement
• Automatic backup of enterprise applications and data periodically or on demand
• Wiping lost, stolen, or compromised devices remotely

Once BYOD policies are established, they must be communicated to employees and sufficient training provided to make adoption simple and widespread. A training manual for new hires that outlines the policies and why they were chosen can help alleviate fears of the organization ‘spying’ on employees and help increase their comfort level with polices and MDM software alike. This should conclude with every BYOD employee agreeing that they have read and understood these policies to protect the organization from any liability caused by illegal or inappropriate use of their devices.

Finally, BYOD plans should include an exit plan for employees who leave, regardless of their reason for departure. This should include HR and network directory exit plan and should have a BYOD exit checklist that includes disabling of company email accounts, remotely wiping employer information from devices and entirely wiping company issued devices and changing any shared password to company accounts.

Additionally, BYOD policies could include defining a stipend from the company to help pay for BYOD data plans or home broadband connectivity, and whether employees who check email or answer business calls after hours are entitled to overcome compensation.