Cyber Health

Bring Your Own Device Policies – What do you need to have?

Bring Your Own Device, or BYOD, has become an important technology topic over the past ten years as mobile devices have increased their capability and sophistication.  But how should your company deal with employees using their personal devices for work?  What company services do you allow employees to connect to from their personal devices, and what should you restrict to only corporate-issued computers?  The answer is: it depends!  There is no single right answer for every company when it comes to BYOD, but you should start by thinking about the following aspects:


Benefits of having a BYOD policy

  1. Increased Productivity: Allowing employees to use their own devices can help to increase productivity by enabling them to work from anywhere, at any time, and on a device they are familiar and comfortable with.
  2. Employee Satisfaction: A BYOD policy can help to improve employee satisfaction by giving them more flexibility in their work and allowing them to use their preferred devices. This can help to attract and retain top talent.
  3. Cost Savings: A BYOD policy can save companies money by reducing the need to purchase and maintain devices for employees. Additionally, employees may be more likely to take good care of their own devices, reducing the need for repair and replacement.
  4. Increased Mobility: A BYOD policy can help to increase mobility, enabling employees to work from different locations and on-the-go. This can help to improve collaboration and reduce the need for physical office space.
  5. Innovation: A BYOD policy can help to drive innovation by enabling employees to use the latest and greatest devices and apps, which can lead to new and better ways of working.

However, BYOD policies also come with risks, such as security concerns, compatibility issues, and potential data breaches. Therefore, it's crucial for companies to establish a comprehensive BYOD policy that includes guidelines for security measures, data backup, and device management to help mitigate these risks.  Every company should have a BYOD policy that includes the following elements:

  1. Device management: Companies should establish guidelines for which devices are allowed and how they are managed. This can include policies for device registration and management, configuration, and monitoring.
  2. Security measures: BYOD policies should include security measures such as password requirements, multi-factor authentication, encryption, and remote wipe capabilities. Companies should also establish guidelines for antivirus and anti-malware software, as well as guidelines for downloading and installing software on personal  devices.
  3. Data backup: BYOD policies should include guidelines for regular data backups to company services to prevent data loss in the event of a device failure, theft, or loss.
  4. Acceptable use: Companies should establish guidelines for acceptable use of personal devices for work-related activities, including prohibited activities such as accessing inappropriate websites or engaging in activities that violate company policies.  Or specifically, connecting to the company network from a personal device.
  5. Employee privacy: BYOD policies should include guidelines for employee privacy, including how the company accesses and uses employee data on personal devices.
  6. Compliance: Companies should ensure that their BYOD policy complies with relevant laws and regulations, such as data protection laws and regulations related to data breach notifications.
  7. Communication: It is important for companies to clearly communicate the BYOD policy to employees and to provide training and support for device management, security, and compliance measures.  Some companies require their employees to sign an acknowledgement of their BYOD policies, similar to an employee handbook.


If you need help getting started on a BYOD policy, please feel free to reach out to the CyberHealth team!

To view other PMMI CyberHealth content, visit Got a more specific question? Email [email protected]Be sure to also opt in to the CyberHealth e-newsletter to get cybersecurity updates straight to your inbox.