In today’s technology world there are many reasons why you could allow users to use their own devices for work. As a technical person, it makes no business sense to have tools that I purchase for myself and my organization that must be used on a separate device. If you allow users to use their own devices, be aware of where data is stored. What if that device is lost or stolen? How would this affect you? Do you have a policy applicable to a person using that device?
Areas you should consider when writing up a BYOD policy are:
- Anti-Virus software: What is your policy for this?
- Password security: Is there a password to access the device?
- Backing up data: If anything is stored locally to the device, how is it backed up?
- Firewalls: Can the device be accessed remotely?
- Access to your system: Is there a policy for physical device security?
- Expectation of privacy: Should the user give you permission to access the device?
- Work related expenses on a BYOD device
- Special Software: Who owns it? How does it get installed? Who supports it?