Bring your own device (BYOD) has been around since the first cell phone appeared on the scene. That big, white phone that Michael Douglas used in the 1987 film ‘Wall Street’ is an example of BYOD. When phones got smarter, software developers began creating apps for those phones. Over time, mobile device use has rivaled if not overtaken desktop use at work.

According to Microsoft, mobile devices make up about 60% of the endpoints in a company network, handling about 80% of the total workload, but they are often neglected when it comes to strong cybersecurity measures.

This becomes more crucial when dealing with employee-owned mobile devices. BYOD differs from company-owned mobile use programs and devices. Instead of using company tools, employees are using their personal devices for work. Many businesses find this the most economical way to keep their teams productive.

For many Small and Mid-size Businesses (SMBs), purchasing phones and wireless plans for staff is often out of reach financially. It is also unwieldy for employees to carry around two different devices for personal and work use.

It’s estimated that 83% of companies have some type of BYOD policy.

You need have solid best practices in place if you want to run BYOD securely. Too often, business owners don’t even know all the devices that are connecting to business data - or which devices have company data stored on them.

Creating a BYOD policy should involve input and information from your IT services team. Following are some tips to overcome the challenges of BYOD. These should help you enjoy a win-win situation for employees and the business.

  • Define Your BYOD Policy
  • Keep Your Policy Current
  • Use VoIP Apps for Business Calls
  • Create Restrictions on Saved Company Data
  • Require Device Updates
  • Include BYOD in Your Offboarding Process

Define Your BYOD Policy

You cannot expect BYOD processes to be secure If there are no defined rules in place. Employees may leave business data unprotected. They may connect to public Wi-Fi and then enter their business email password, exposing it to hackers. Devices can be lost or stolen.

You absolutely need a policy if you allow employees to access business data from personal devices. This policy protects the company from unnecessary risk. It can also lay out specifics that reduce potential problems. For example, detailing the compensation for employees that use personal devices for work.

Keep Your Policy Current

Policy becomes less relevant to employees when it becomes outdated. They may look at your BYOD policy and note that one directive is old and assume that all directives are obsolete. Do not let one old directive be the rotten apple that spoils the whole barrel.

Make sure that you keep your BYOD policy current. This means updating it regularly if any changes impact those policies.

Use VoIP Apps for Business Calls

Before COVID, 65% of employees gave customers their personal phone numbers. This often happens due to the need to connect with a client when away from an office phone. Clients also may save a personal number for a staff member. For example, when the employee calls the customer from their own device.

Customers having employees’ personal numbers is a problem for everyone. When the employee leaves the company, they may not answer those calls. The customer may not realize why and hold it against the company.

You can avoid this issue by using a business VoIP phone system. These services have mobile apps for employees. These apps allow employees to make and receive calls through a business number, and the company retains control of the number.

Create Restrictions on Saved Company Data

Remote work has exacerbated the security issues with BYOD. While BYOD may have meant mobile devices in the past, it now means computers too. Remote employees often will use their own PCs when working outside the office.

No matter what the type of device, you need to maintain control of business data. It’s a good idea to restrict the types of data that staff can store on personal devices. You should also ensure that it’s backed up from those devices.

Require Device Updates

Devices that are not updated or patched are one of the main ways hackers initiate a data breach. Any endpoint connected to your network can enable a breach. This includes those owned by employees.

Since it can be tricky to ensure that a device owned by an employee is kept updated, many businesses turn to endpoint management solutions. An endpoint device manager can push through updates automatically. This is easy for your IT services team to set up and allows you to protect business data without intruding on employee privacy.

The monitoring and management capabilities of these tools improve security. This includes the ability to safelist devices. Safelisting can block devices not added to the endpoint manager.

Include BYOD in Your Offboarding Process

When an employee leaves your company, you need to erase their access to company data, such as work emails received on their phone Do they have access to company data through persistent logins? Are any saved company passwords on their device?

These are all questions to address when offboarding a former staff member. You should also make sure to copy and remove any company files on their personal device. Additionally, ensure that you deauthorize their device(s) from your network.

Frequently Asked Questions

Q: How does BYOD work?

A:  It works differently in various industries. Most typical office environments provide company-owned desktops and limit BYOD to devices used remotely, such as smartphones, tablets, and laptops. In Real Estate Sales, it’s very common for realtors to bring their own laptops to the office and simply plug in to the network. Ultimately, BYOD gives employees the freedom to use tools they prefer. It is up to the employer to ensure that data is protected during transmission.

Q: What is BYOD example?

A: By far the most common devices are smartphones. Other examples are laptops, notebooks, tablets, personal home computers for remote workers, and USB drives which store company data.

Q: How do I create a BYOD policy?

A:  Once you have chosen to allow BYOD in your organization, consult with your IT support provider to establish what security concerns need to be addressed. The main tenets in your policy should include:

Establish the scope of the policy.
Examine privacy protection.
Outline Cybersecurity and compliance initiatives.
Simplify the sign-up process.
Establish reimbursement guidelines.
Plan for ongoing maintenance.
Write your policy down before implementing it.

Q: What should a BYOD policy include?

A: To keep BYOD practices from becoming chaotic, these 7 concepts should be included in any BYOD policy:

1) Specify permitted devices
2) Clearly outline who owns company information on the device
3) Determine permitted/unpermitted apps
4) Establish phone number ownership
5) Determine payment/reimbursement structure
6) Establish uncontestable security requirements
7) Practice flexibility

File-sharing software company TitanFile further defines these concepts HERE.

How secure is your network?

As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.

The best defense is the best Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider (MSP) to ensure continued reliability and defenses against newly emerging threats.

With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Need Mobile Device Security Solutions?

No matter what size company you have, mobile device management is vital. Contact us to learn more about our endpoint security solutions.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)

IT Support LA an award-winning Managed Services Provider (MSP):
o  3 Years awarded Best IT by the Small Business Expo
o  Awarded 2nd best company of any type in the US by the Small Business Expo SB100
o  Awarded Best IT in California by Channel Futures
o  Winner of Best IT in Los Angeles 2021 by Channel Futures
o  Listed as one of the world’s Top 501 Managed Services Providers by CRN and in the top 250 in the ‘Pioneer’ listing
o  4 years listed as one of the Top 501 MSPs in the World by Channel Futures
o  Globee 2021 Bronze Award winner for Chief Technology Officer of the Year
o  Globee 2022 Gold Award winner for Chief Technology Officer of the Year
o  Named one of 2022’s 50 ‘Best’ businesses in California by UpCity
o  Named Best of IT winner for 2021 by UpCity
o  Winner of Local Excellence Award for 2021 by UpCity
o  Named Best of Cloud Consulting winner for 2021 by UpCity
o  Certified as Top MSP and Cybersecurity Pro for 2021 by UpCity
o  Named Best IT Support in Los Angeles for 2021 by

For more information, or to receive your FREE no-risk network and security assessment, just fill out the form on this page or call us at: