Let’s discuss a few things that need to be included in one of these policies so you can make yours as effective as it can be (whether you?re first implementing it or you?ve had one for a while that needs a refresh).
Keeping Things Secure
While mobile devices can provide considerable benefits to your business, these benefits will be moot if your security is compromised via these devices. Therefore, you need to make sure that your mobile device policies contain guidelines to help – and yes, make – your employees use their devices more securely. While these examples aren?t a comprehensive list of precautions to make (and the same can be said for any of the examples in this blog), they do help illustrate the kinds of precautions and restrictions you will have to enforce:
- All mobile devices must be protected by a password that meets the standards set by your company’s guidelines, and set to lock automatically if idle for a set amount of time.
- Any applications must be approved by the company before they can be installed and used for work purposes.
- Any devices not included in the BYOD policy, or are not supported by it, may not connect to the business? network.
- If a device is misplaced, IT detects a threat on it, or the owner leaves the company, IT may wipe the device to protect company data.
Of course, while you always need to have security measures in place, it can greatly help to have the means of minimizing threats before any can materialize? especially those that originate from inside your organization. Your mobile device policy is a good place to outline the protections you have in place, and what you reserve the right to do with them to protect the good of the company. For instance:
- All devices that are lost or stolen should be reported to IT within 24 hours, and the mobile carrier should be notified immediately.
- Any employee who uses their mobile device does so knowing that it signifies their consent to the acceptable use policy, and their intention to abide by it.
- Any mobile device may be disconnected from the company network or have its access to services revoked without notice.
- While IT will make their best efforts to preserve a user’s data, any device that needs to be remotely wiped for security purposes will be wiped to protect the company. This means the user is responsible for maintaining their own backups.
Acceptable Device Use
Finally, you need to make sure you include a section in your guidelines that dictate how these devices can be used in the office (or out of it, for that matter) to conduct work tasks. Some will be based on your personal preferences, while others are more related, again, to your security. A few sample policies that your overall mobile device policy should include are:
- Designated guidelines clarifying the differences between business and personal use of devices, and what is acceptable for either on company time – and what is not allowed at any time, like storing illegal materials or conducting harassment.
- A comprehensive list of business materials and resources that an employee can access with a mobile device.
- All approved applications that may be downloaded, as well as those that may not be, such as those not acquired through Google Play or the App Store.
- Websites that may not be accessed via the business’ network.
Interested in learning about a mobile device policy, and what it needs to contain, in more detail? Reach out to us! Our professionals can walk you through each point in detail, assisting you in creating and enforcing protections for your company that work. Give us a call at (603) 889-0800.