Potential pitfalls of BYOD

BYOD — or bring your own device — is a buzzword that's currently sweeping IT departments. While on the whole it can be considered a good thing, as with most things there are pitfalls that both employers and employees need to keep in mind.


By 2017, it is estimated that 50 percent of firms will demand that employees make use of BYOD. So if you think it's big now, just wait a few years.


But is BYOD right for you? Whether you are an employee, the employer, or the IT admin who has to keep everything working, there are potential pitfalls to BYOD that need careful consideration.


For companies, the issues that need to be addressed are many and varied, and generally revolve around the creation of a workable BYOD policy that needs to encompass a variety of topics ranging from security and support to who pays for what, and what happens when an employee is let go or fired. Any company taking the BYOD route — large or small — needs to have a clear and easy-to-understand BYOD policy.


Making BYOD policies up as you go along (or, worse still, taking an "organic" approach) is a recipe for disaster.


If you're an IT admin working for a BYOD-friendly company, then you already know about creating and enforcing policies. If you're an admin at a company that's currently keeping BYOD at arm's length, then chances are good that over the next few years, you're going to have to come to terms with people bringing their personal hardware to work with them.


Employees also need to consider whether BYOD is right for them, because there's a lot more at stake here than whether they can take their shiny new smartphone, tablet, or notebook to work with them.


For example, there are issues of privacy, and whether the company can track an employee's movements using their device, and whether internet access is monitored. Most post-PC devices have built-in GPS, so they can be tracked pretty much the whole time. Endpoint security software is capable of polling the location of a device, and, as such, know exactly where the employee is any time they have their device on them, as well as what they are doing with their device. A good BYOD policy needs to clearly address issues of privacy, and systems need to be in place to prevent abuses such as workplace stalking and snooping.


Then there's the issue of security.


Most companies that adopt BYOD will demand that devices are set up so they can be remote wiped in the event that they are lost or stolen. But what happens if Little Jonny has one too many tries at guessing the passcode on your iPad in order to play Angry Birds, which sets off alarm bells in the IT department, and the endpoint software — or an individual — mistakenly interprets this as an intrusion attempt, and then goes on to remotely nuke the device?


Think this won't happen, or is so rare as to not be worth worrying about?


Think again. I've heard from dozens to people who have had their personal devices remotely wiped by overzealous BYOD security policies.


It happens. And it happens quite often.


Employees will also be able to do less with their devices once they swallow the BYOD red pill. There will likely be limitations on what apps that can be downloaded and installed, and being able to bypass OS-imposed limitations though jailbreaking and rooting will almost certainly be a no-no.


A BYOD device can, very quickly, start to feel like it's not yours anymore.


BYOD is definitely not for everyone, so much so that some employees working at companies that demand users "bring their own devices" to work choose to buy separate devices for home and work.


Employees should take responsibility for backing up their data. While most companies will have their ducks in a row when it comes to work-related data, personal data is the responsibility of the owner, and as such they need to make sure that it is safe.


While there's always a risk that a smartphone or tablet can be lost, stolen, or damaged, BYOD introduces a few additional risks that you might not have considered. Not only is there a chance that it might be remotely wiped, but there's even a possibility that it might be seized for legal examination in conjunction with a corporate litigation matter or other legal or security issue.


You could, at any moment and for any number of reasons, find yourself down your device and the data on it.


Again, make sure that you have a backup of your data in case you ever need access to it.