Bring Your Own Device (BYOD) was supposed to change everything. Businesses were expecting to see the benefits of unsurpassed productivity and communication, while employees were expected to be more satisfied with their jobs than ever before. No situation looked more win-win than that, and yet BYOD has turned out to be a much more complicated proposition. What seemed like an exciting arrangement has lost much of its luster for many businesses as reality has set in. The sad truth is that many employees simply don't care that much about BYOD and have even fewer concerns about the security issues BYOD brings up. In a recent survey, Centrify found that 15% of employees think they have no or minimal responsibility when it comes to BYOD security. It's a frightening statistic for business leaders, especially when sensitive company data can be easily stored on mobile devices. Now many executives are asking themselves what they can do to help their employees take BYOD more seriously.
For employees to care about BYOD, it all starts with education and training. Many workers don't take BYOD policies all that seriously because they simply don't know what the policies are. Some companies only give employees a form to fill out and sign, similar to any release. Considering how important BYOD is, this approach can be handled much better. Employees shouldn't just be given a form to sign; they should be trained and asked to pass a course on proper BYOD use before being allowed to use their personal devices at work. Employees also need to be educated about security risks and how to protect their devices from outside threats. Since these threats are always evolving, these education seminars and training sessions should be done with regularity every few months or so. Don't assume that just because employees were taught something means that they'll remember it a year of two afterward. This emphasis on education and training can also change the culture of the organization and help workers understand this is something everyone should take seriously.
Even with the proper education and training, some employees may not see why they have to bother with BYOD security. All the stats and security breach horror stories may not change their minds either. Some companies choose to go a different route with their workers, handing down punishments when BYOD policies aren't followed. The punishments can vary--some of them may deal with including BYOD as part of a worker's regular performance review. Other misbehaving employees may see certain privileges taken away, such as access to applications that may contain sensitive company data. If there is compensation for regular BYOD costs, employees who violate the established policies may have those funds taken away. In the most extreme of cases, businesses may even end up firing the offending employees. That tactic has stirred up plenty of debate, particularly when it comes to employee morale, but some business leaders feel it's the only way for workers to truly grasp how important BYOD is. Whatever method is chosen, company executives need to make sure employees know what the policies are and the consequences attached to breaking those rules before any punishments are dealt.
Another way to get workers to take BYOD seriously is through incentives. Companies may offer their employees a monthly stipend to offset the costs that increased use of a personal device may accrue. The stipend may either be given at the start of a BYOD policy or after a period of time in which the employee shows a commitment to following the guidelines set by the organization. As noted above, a stipend or compensation plan may be taken away as a punishment if workers don't comply, but many business leaders prefer the positive reinforcement approach to maintain a better working environment and get a better reaction out of their employees.
Here is a great slideshare that I found that explains some of the BYOD risks businesses face:
These are just a few suggestions that can play a role in getting workers to understand why BYOD security is such a vital part of an organization. Without compliance to BYOD policies, many businesses may have to resort to mobile device management software, giving them more control over each employee's personal device. If workers want to avoid losing some of their autonomy, they would be wise to follow the policies of their companies while still reaping the benefits of using their own devices.