The Bring Your Own Device (BYOD) movement is quickly gaining steam and should be on every organization’s radar in 2018.
Globally, the BYOD market is on target to reach nearly $367 billion by 2022, up from just $30 billion in 2014, according to BetaNews. The expected Compound Annual Growth Rate (CAGR) between now and 2022 is 15 percent, with businesses of all sizes expected to adopt BYOD policies. In the United States, the BYOD and enterprise mobility market is expected to grow from $35 billion in 2016 to $73 billion in 2021, with close to a 16 percent CAGR, according to MarketsandMarkets. BYOD adoption in the U.S. stood at 36 percent at the start of 2017, and could be near 40 percent of businesses in 2018.
If you have ignored the progression of BYOD until now, it may be wise to at least consider its benefits and challenges, even if you decide the risks are not worth the potential rewards. If you are already contemplating adopting or formalizing a BYOD policy, this article will also introduce you to some of the important legal questions to consider.
Benefits of BYOD
1. Increased employee productivity and satisfaction: In the 2016 Cisco Annual Report, the company found that 69 percent of IT decision makers in the U.S. were in favor of BYOD. A major reason was that workers were found to save at least 81 minutes of time each week by using their own familiar devices. Familiarity with operating systems and device technology enables employees to embrace new software with greater ease, which enhances productivity. This is one of the reasons why employee demand for BYOD is driving adoption at 45 percent of the firms that implement it, according to a Telecom Expense Management Industry Association (TEMIA) report. SHRM also reports that BYOD can “improve efficiency, effectiveness, and morale.”
Employee satisfaction also rises when workers are allowed to bring their own up-to-date devices. According to IBM, “Personal devices tend to be more cutting-edge, so your enterprise benefits from the latest features.” The same report also suggests that employees want to use their mobile devices for work; 83 percent consider these devices more important to them than their morning cup of coffee.
2. Device cost savings: Enabling employees to use their own laptops, tablets, and smartphones shifts the device costs from the employer to employees. Cisco estimates that companies with a BYOD policy in place save an average of $350 per year, per employee, and can save as much as $1,300 per year, per employee with a reactive program (employees replace aging company-owned devices with personal devices). Employees are also more likely to be careful with devices they purchased, which saves employers on replacing broken or lost devices.
3. Up-to-date technology: Consumer purchasing cycles for computers and mobile devices are typically shorter than business purchasing cycles, which means employees’ devices are more likely to be up to date with the latest hardware and operating systems.
4. Endpoint management of devices: New IT solutions have been developed to accommodate BYOD, including unified endpoint management solutions. These systems enable IT departments to manage and support corporate and personal IT assets, including those of remote employees, more effectively under one platform.
5. Cloud-based support and data storage: As IT services have moved to the cloud, scalable hardware and software support, as well as cloud-based data storage are reducing the maintenance and support costs for BYOD users.
Challenges of BYOD
1. Security vulnerabilities: IBM data reveals that 71 percent of CEOs and IT managers say that security is their most significant enterprise mobility challenge. BYOD device users use their devices for personal reasons as well as business reasons. This increases the likelihood of an employee downloading a malicious application that can compromise the device, leak sensitive company information, and even infect the organization’s network. BYOD users need to be trained in protecting their devices, and warned against taking their devices everywhere or sharing them with others who may not have this training.
2. Potential data breaches: Malware and viruses are not the only threat to consider. If an employee is fired or resigns, sensitive company information may still remain on the devices, even after being wiped. A tech savvy worker, in particular, could cause major security breaches by being in possession of certain company documents or data. IBM research shows that 39 percent of organizations have already had a data breach due to an employee’s or contractor’s lost or stolen mobile device.
3. Additional costs: Costs to provide security and help desk support in a BYOD environment are higher, according to TEMIA. In addition, many employers might find themselves having to offer stipends for mobile service expenses to employees in exchange for their willingness to use personal mobile plans for work. The overall complexity and diversity with a combination of BYOD and corporate-owned devices also brings costs up for IT management in this environment.
4. Employee privacy concerns: With BYOD, an employer’s IT staff have remote and network access to employees’ personal devices, and they also have to physically work on these devices to fix software and hardware issues. This can expose employees’ personal information and data to the company, and can create a sense of mistrust about the potential of privacy breaches. Many employees will have concerns about exposure of their private financial and health data, as well as their social communications.
5. New devices have to be tested for security risks: As technology evolves, companies with a BYOD policy will have to learn about new devices and the security risks they pose. For each device, the company will have to define security and management controls. This work can be prohibitively expensive.
Legal Questions to Consider
If your organization does decide to implement a BYOD policy, management and HR should involve legal counsel to mitigate the risks and protect the employer. Legal input will also help to develop a policy that defines what employers and employees are allowed and are not allowed to do with BYOD devices. Among the questions that should be considered are the following:
1. Are all employees eligible for the program, and are there conditions for eligibility?
2. What are employees’ privacy rights with personal devices used for business?
3. What happens if IT discovers an employee to be in possession of digital intellectual property that the employee should not have?
4. Does IT have the right to conduct discovery or monitoring of internet activity on employees’ devices?
5. If an employee has been charged with a crime, can IT search the employee’s devices for evidence or inappropriate material? And will such findings be admissible in criminal proceedings?
6. Who is responsible for a data breach after a termination, when the devices have been remotely wiped?
The significant list of considerations will give many organizations pause when considering adoption of a BYOD policy, while Millennial preferences for working in this type of environment will force some reluctant organizations into making the move. Where does your company stand on BYOD? Share your perspectives and experiences with our community on Facebook!