The debate on both sides continues: the pros and cons of incorporating the BYOD concept into the workplace. BYOD has, indeed, become a hot topic where debates on both ends of the discussion-spectrum range from 'lower business costs and happier employees' to 'security hazards and added burdens on IT departments'. Even though proponents would argue that the benefits of incorporating BYOD into business environments outweigh any risks, one only has to examine those very risks to realize their potential for harm is too concerning and cannot just be swept under the proverbial rug.
Here are five reasons your company would want to think twice before adopting a BYOD strategy:
Security Risks
Security is, certainly, at the top of any business’s concerns as it applies to any technologies that are utilized. Obviously, any employees’ personal devices are going to be portable which means the possibility of any one those becoming lost or stolen poses very real risks. Additionally, if a personal device has Bluetooth capabilities or is used in Wi-Fi areas that are not secure, it opens up increased opportunities for hackers. This is vulnerability just waiting to happen.
When sensitive company information is embedded onto a personal device and the owner of that device quits or is fired, making sure all company data is extracted from the privately-owned cell-phone or tablet can poses an array of legal issues. Companies in the past have been sued for wiping company data from personal devices where important personal data, such as photos and personal documents, were inadvertently wiped away, as well.
Also, one more thing to consider: if someone were to make his or her way into someone else’s device and gain access to private email, that intruder could initiate password resets and, thereby, get into business systems. Access to an email account can be used to unlock cloud data and cloud systems. All it takes is one point of weakness to put systems at risk. Employers can shell out hundreds-of-thousands of dollars or even millions of dollars if a major security-breech were successfully established.
Webroot (a private company which provides Internet security for consumers and businesses) stated, in 2014, that out of the 2,100 individuals surveyed, 78 percent were using their own personal devices as part of a BYOD work policy. A whopping 64 percent of those personal-device users admitted to using only the security installed when the device was purchased.
Work-time Concerns
Exempt employees, who are authorized to use their personal devices for work-related tasks can wreak havoc with HR, specifically, and with a company, in general. Let’s take a simple example: Your company has an exempt-status employee who is on a leave-of-absence. During that leave-time, the employee uses his or her device (being part of the BYOD policy) to retrieve and respond to business emails. Here’s the kicker: that employee performs company-related work for longer than a 'De minimis' amount of time -- meaning longer than a few minutes. In this situation, that employee could, conceivably, be eligible to a full week’s salary even if worktime amounted to a mere 4-5 minutes. This type of scenario could turn into a legal nightmare. Also, working after hours on a personal mobile-device may make a company liable for paying the employee overtime.
Additional Costs
In August of 2012, a California appeals court ruled that employers must reimburse employees for work-related calls made on the employee’s personal cell-phone. David Alison, founder of EasyGrouper, which is a mobile communications platform provider, states: "Similar laws to the 2012 California ruling will spread throughout the country. In some cases, it can put a business at risk for being liable to pay a certain percentage of the employees’ carrier costs. When you calculate costs for BYOD, you need to factor in the carrier costs, too".
One area of concern for many businesses is the cost of wireless network access; and then trying to decide who pays for what percentage of the plan. Cellular data plans can be extremely confusing; and there is mounting concern over 'unlimited' options going by the way-side. Most of the largest cellular carriers have eliminated ‘unlimited’ data-plans, forcing the consumers to pay for plans where every amenity has its own price. This, in turn, has the potential to lead to cost overruns if employees were to exceed their plans’ restrictions -- with companies absorbing the added expenses.
Also, attempting to execute guidelines and security measures for a vast-array of devices can end up costing far more for a business than what was initially perceived when the BYOD system was implemented.
Strain on IT Departments
The BYOD movement has, unfortunately, exponentially increased the demands that are placed on IT departments. When companies open the flood-gates and allow virtually any personal device to be part of the BYOD paradigm, it can create havoc for IT departments. And if you happen to be the one who handles the IT support for your company, it creates havoc for you. If the many types of devices are not restricted in any way, you will be up against constantly-changing devices, due to upgrades, for example. Then on top of that, one should expect employees to use mobile devices that might include archaic operating systems which manufacturers may no longer support. In the end, personal devices simply do not possess the highest degree of security technology; and conversely, not all corporate-grade security technologies will be compatible with personal devices. When a wide range of devices, operating systems and carriers are thrown into the BYOD mix, BYOD security becomes a more challenging contender. The problem IT personnel are encountering is attempting to figure out how to permit employees to access all data necessary while keeping that data out of harm’s way. As of yet, there isn’t a unanimously, agreed-upon practice for maintaining data security.
Decline with Privacy and Workplace Morale
Many employees, who might be part of a BYOD policy, worry about their personal privacy. The laptop they might use for work purposes would be the same one used for logging onto Facebook or surfing the web, etc. It makes sense that a number of employees might feel wary of their company having the capability to gain access to their personal passwords and intimate information of all types. The term 'spying' might not ever be said out loud, but if staffers were to feel that 'spying' was real in their minds, it would create a lack of trust and uneasiness for some. That would, certainly, not make for an, overall, positive work environment.
Companies who have incorporated BYOD have the option of requiring special software programs to be downloaded to personal devices to enable them to be remotely wiped of data if necessary -- if a tablet were stolen, for example. The idea of giving control of one’s personal device to an employer would not be an acceptable option for some. What companies would need and what employees would want could clash. Progressive IT departments may request the installation of software agents into employee devices that would give IT a very long arm to reach into any application and functionality of a user’s phone or tablet. IT departments would have the capability to track one’s location at any-time, 24/7.
It’s concerning to realize that BYOD programs depend on IT tools that don’t do a very good job, at all, with differentiating personal and corporate data applications. This can lead to disaster in instances where an unauthorized-access alert is initiated (whether legitimate or not) and the entire content of the device is automatically deleted, rendering the device as inactive and unusable. What then? What would be the legal ramifications considering all your personal data would be lost forever?
If your company were to go through legal litigation, affected employees could be required, by law, to relinquish all devices in connection with the litigation. You would be without your device and all your personal data would be allowed to be viewed and scrutinized, if necessary.
Companies have become familiar with employees being allowed to perform functions on their personal electronic devices; but the BYOD, Bring-Your-Own-Device trend, is causing a lot of headaches for a lot of employers who prefer to view BYOD as "Bring Your Own Dilemma".
What to do About BYOD?
So, needless to say, there is a lot to consider when it comes to whether or not you should implement a BYOD policy, but the reality is, at some point the BYOD call will probably be too much to resist. In fact, Gartner stated the following: "….by 2014, 90 percent of organizations will support corporate applications on personal devices and this isn’t just a single device per employee".
The truth is more and more companies are embracing the core benefits of allowing BYOD which are increased productivity and a more flexible workforce -- among other benefits. The biggest fear for many, however, is the security risk associated with BYOD. There are solutions for this, though. Rocket Software’s mobile terminal emulator is one example. With Rocket Mobile TE, there is no software to install or component to download. Configuration and security are handled through a single, centralized server, eliminating the need to deal with consumer-oriented app stores, and the license is easily expanded with a simple license key. Rocket Mobile TE's connectionless HTTPS protocol also means it is more resilient to network issues that are common with cellular and satellite internet services than connection oriented telnet-based protocols. All-in-all, while some may look at BYOD as "Bring Your Own Dilemma", at some point it may be a dilemma that your company may just need to work through.
Photo credit: Alessandro Colle/Shutterstock
Brandon Jones is a marketing manager for Rocket Software, and the owner a MMT Advertising. Brandon is an active blogger and writes on various enterprise software and online marketing topics including terminal emulation, application modernization, and mobile marketing.