BYOD checklist for the SME


There are lots of guides and polices on the web for larger businesses who want to adopt a Bring-Your-Own-Device policy – but I’ve found fewer resources for sharp thinking SMEs who are embracing the BYOD movement. WIth this in mind I’ve assembled some key pointers below that should help you ask yourself the right questions at the start of the  process – plan well and BYOD can enhance your business practice, improve your productivity and give your business the edge that mobility can bring.

  • Which device platforms best support your mobile
    objectives?

    By platform I mean the operating systems Windows (Windows 8 & RT), iOS or Android – the choice of device platform comes down to these for now. If you have a platform in mind, are there devices or Operating Systems versions that lack features
    you require?
  • The best way to decide on a platform is check what devices are connecting to your network now and use that as your starting point.
  • You can discount devices that lack key features you need, unless you can
    compensate another way.
  • User agreement
    Be explicit from the start. and gain
    staff agreement 
    on your role in
    managing, securing,
    monitoring, and
    de-commissioning or retiring mobile
    devices.
  • Do you intend to remotely control the device at any point to give IT support? You may not do this yourself, but your IT company may be able to connect to mobile devices and ‘take control’ to install or update software and provide technical support. If this is the case, you need to tell you staff this is an element of the BYOD policy.
  • You may already have agreed that you will monitor email communication, but if your device is owned or part owned by an employee, they may be wary of monitoring of their email. Employees often have a greater expectation regarding privacy on both mobile and
    personally-owned technology, even if they’re using it for
    business purposes.
  • Be clear about how you will decommission or retire both
    company-issued and BYOD devices upon employee departure, and
    what that means for their personal data.
  • Encourage them not to
    store personal content on company-owned devices – if they were to lose their device they may expect you to be liable for consequential loss of their personal data.
  • Define a policy about which business data and apps you will
    remove if an leaves. For example, you may have paid for a licence for Office365 for their device, but when they leave that licence will be revoked and they will need to get one of their own. But they may have personal data stored on their Office365 SkyDrive – they will no longer have access to that – so be clear what will be removed

Who’s paying : company owned or personally owned?
You have a few options for how you buy or fund the devices:

  • Employee brings their own device to work
  • You buy a mobile device for them and you retain ownership
  • You give you employee a ‘digital allowance’; in some EU states this can be up to 250 Euros a year, free of tax. They can in turn add extra funds and buy a higher-end device of their choice, maybe from your approved list.
    Some businesses will ask for the device back when an employee leave,s some will sell it to them for a token sum. You should document the procedure as part of the BYOD policy.

A growing trend for small and medium businesses is to buy a device, accessories and support and maybe a mobile data contract ‘all-in’, via a monthly fee. A good IT services company will provide technical support, mobile-device-managment software and warranty support and access to trade-up. This managed tablet idea is a good one – it ensures you have the access to the latest technology with the least capital expenditure. 

Security & passcodes

  • Your policy should state that all devices, personal or company owned should be protected by a passcode. This should be ‘complex passcode’ and you should document how often it should be changed.
  • You should consider tagging your devices with a non-removable asset tag if the device is  company owned.
  • You should state in your policy what apps or programs are ‘black-listed’ – apps that the employee should not install, under any circumstances.

This sounds like quite a number of things to consider, but you can distill all of this down in to a one-page policy document which covers the key points of: who owns the device, what they can and can’t use it for, and what the happens if an employee leaves.

BYOD has gotten lots of focus recently, some of it not so positive, but it should be a good story, and with a litte planning, good for your business.

External links & references

Andy O'Donoghue

Andy O'Donoghue talks about technology, some say, too much.