Asset 1EN.png

Cimpl Blog

Your Weekly Insights on How to Manage your Enterprise Digital Footprint.

Why the Government Thinks BYOD is Bad for Business

Posted by Henry Cheang | August 14, 2015 12:00 PM

On August 13th, three Privacy Commissioners (of Canada, British Columbia, and Alberta) issued guidelines informing businesses of the risks in implementing bring-your-own-device (BYOD) programs, and with good reason.

Nope, BYOD might actually be pretty bad for business.

Before proceeding, here is a quick refresher on BYOD programs. BYOD is an extremely popular trend in which employees bring personally-owned mobile devices to the office for work purposes (we’re talking, of course, about devices like smartphones, tablets, or laptops). The significant point here is employees are accessing sensitive company information through these devices.

Many managers know about and implement BYOD programs, and with the recent increase in mobile device usage and ownership, BYOD might seem as a viable alternative to business-owned IT. What employers sometimes ignore are the risks associated with this type of program. All three Privacy Commissioners voiced important concerns about BYOD in their joint press release.

"Allowing employees to use their mobile phones, tablets and laptop computers for both personal and professional use carries significant privacy risks – particularly when one world collides with the other," says Privacy Commissioner of Canada Daniel Therrien. "Companies need to consider the risks in advance and prepare to manage them effectively. Only then could they conclude whether a BYOD program is right for them."

"Both IT professionals and staff participating in BYOD programs need to be trained on acceptable use policies and other responsibilities. Without buy-in from senior management, companies may not provide the resources and support needed to effectively implement these programs to protect both employers and employees," adds Jill Clayton, Information and Privacy Commissioner of Alberta.

"Companies also need to bear in mind that despite their best efforts, bad things can happen. Devices may be lost or stolen and personal information may be compromised," says Elizabeth Denham, Information and Privacy Commissioner for British Columbia. "Having a formal incident management response plan in place is crucial to ensuring incidents are detected, contained, reported, investigated and corrected in a consistent and timely manner – as is employee training and awareness of the privacy and security risks."

(SOURCE: Office of the Privacy Commissioner of Canada)

The concerns of the Privacy Commissioners are in line with statements and articles that we at Cimpl have been putting out for years. The logic is simple: You cannot apply the same security measures/usage restrictions on employees’ personal devices as you would to company-owned IT.

That’s why upper management in companies must conduct a full assessment of the risks and rewards of BYOD programs and address them before considering implementing this type of policy. To further quote the Privacy Commissioner of Canada,: “Rules governing the acceptable use of devices, corporate monitoring, the sharing of devices, app management, connection to corporate servers and responsibility for security features, software updates and voice or data plans should also be explicitly laid out in a BYOD policy.”

These rules must be set in place in order to maintain control over the use of company data and sensitive information. If this is not done correctly, there will be increased chances of data breach, information leaks, and other general security risks – all of which could jeopardise the company.

Reading the guidelines by the Privacy Commissioners is a good start to learning how to navigate these risks. In addition, Cimpl offers a free practical guide on BYOD that outlines the proper steps in how to set BYOD policies. Our guide also describes alternatives to BYOD that could benefit you. 

Does your current wireless strategy include BYOD? Do you have a BYOD policy in place?

BYOD or COPE policies


Related Articles:

Topics: BYOD, Security

Written by Henry Cheang

Henry has a lifelong passion for science and technology. This enthusiasm is put to good use in a cutting-edge software company like Cimpl. As product marketer, Henry researches market and user needs to develop user and buyer personas, contributes to product design, and helps coordinate product messaging. Henry also writes nearly the entirety of all documentation for Cimpl’s many successful platforms. In his spare time, Henry devotes much energy to family, friends, and martial arts. Henry recently completed his Master’s in Business and Administration from Concordia University, where he specialized in the study of marketing, organizational behavior, and corporate governance. He has authored academic papers on the latter two subjects; these papers form part of his bibliography of over 20 professional research publications.

Follow Us!

New Call-to-action
What is WEM? ePaper

Subscribe to our Blog