At one point or another, employees will inevitably conduct a bit of business on their own personal devices, be it fielding a phone call on their cell phone, using their smart phone to send an invoice or even using their own lap tops after-hours to pull together an important work presentation.
While most of the discussion surrounding employees personal devices surrounds how to get their technologies to sync with your system, HR managers should also consider exactly what should happen should you and the employee part ways (with him, of course, taking his personal device with him!), WorkForce Magazine reported.
Forrester Researcher analyst David Johnson noted that “companies do not put enough thought into how Bring-Your-Own-Device (BYOD) ends.” If an employee leaves and you don’t have the technology and policies in place to recapture company information instantly, that data will likely walk out the door with them, or worse, those ex-employees could continue to access the corporate intranet.
Mike McAlpen, executive director of security and compliance for 8×8, a hosted Voice over Internet Protocol service, recommends that companies employ a combination of policies, technology and audits to keep their network protected. At 8×8, for example, employees are only allowed to log on to the company network from personal devices as guests, which gives them access to email and basic company data, but prevents them from downloading any sensitive documents. Further, the company policy also clearly states that devices will be monitored to ensure compliance, and that a “remote wipe” procedure will be triggered immediately if they leave the company. To verify that the system is constantly secure, McAlpen regularly runs network vulnerability tests, tracks who is using the network, and conducts weekly user audits to make sure no unauthorized users have accessed the network.
Further, Nicholas Lee, senior director of end user services for Fujitsu America, said that companies may also want to consider who is allowed to use their devices for work. For example, only about 5 percent of Fujitsu employees participate in BYOD program, and they must complete an assessment to determine whether they qualify. “If the position doesn’t require BYOD, they shouldn’t use it,” he said.
The use of wiping technology protects company data, but it has to be handled thoughtfully. As such, labor attorney Michael Elkon recommends that companies implement carefully crafted policies and technologies that are strictly adhered to. Further, if companies let some employees walk out without having their devices wiped, it will make it much harder to argue in court that a piece of data is a trade secret that you have worked hard to protect. “A good BYOD policy that is rigorously applied is essential to that,” he noted.