Bring Your Own Device Policy | Office Security

It’s easy to understand why more and more businesses are taking a “bring your own device” (BYOD) approach to the smartphones, tablets and laptops many employees rely on to do their jobs. BYOD can boost employee efficiency and satisfaction, while often reducing a company’s IT costs. However, this approach isn’t without risk for both you and your staff. So, it is highly advisable to create a strong formal policy that combines convenience with security.

Primary Concerns

As an employer, one of the primary concern with a BYOD policy is the inevitable security risks that arise when your networks are accessible by personal devices that could be stolen, lost, or hacked. You must also consider the various legal compliance issues, such as electronic document retention for litigation purposes or liability for overtime pay when nonexempt employees use their devices to work outside of normal hours.

For employees, the main worry comes down to privacy. Will you, the employer, have access to personal information, photos, and other non-work-related data on the device? Could an employee lose all of that if you’re forced to “wipe” the device because it’s been lost or stolen, or when the employee leaves your company?

Important Obligations

A BYOD policy must address these and other issues. Each company’s individual circumstances will determine the final details, but most employers should, at minimum, require employees to sign an acknowledgment of their obligations to:

Use strong passwords and automatic lock-outs after periods of inactivity
Immediately report lost or stolen devices
Install mandated antivirus software and other protective measures
Regularly back up their devices
Keep apps and operating systems up to date
Encrypt their devices

The policy also should prohibit the use of public wi-fi networks or require employees to log in through a secure virtual private network when connecting via public wi-fi. You may want to forbid certain apps, as well.

In addition, you need to spell out your rights to access, monitor, and delete data on employees’ devices — including the types of data you can access and under which conditions. In particular, explain your wiping procedures and the steps employees can take to protect their personal information from permanent erasure.

Protection Now

Nearly everyone who works for your company likely has a smartphone at this point. As such devices continually integrate themselves deeper into our daily lives, it’s only natural that they’ll affect our jobs. Establishing a BYOD policy now can help prevent costly mistakes and potential litigation down the road.

Let the expert team at Anderson and Whitenay provide further information and guidance. Please feel free to contact us with any questions you might have!

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.

Cookie	Duration	Description
_hjSession_1215049	30 minutes	No description
_hjSessionUser_1215049	1 year	No description

Client Login Center

Primary Concerns

Important Obligations

Protection Now

970.352.7990 • 5801 W 11th St, Suite 300, Greeley, CO 80634