Dynamic Business

BYOD security strategies for small business

Whether or not your company embraces the bring-your-own-device approach, don’t ignore the data integrity and retention implications of all the personal smartphones and tablets showing up in the workplace.

Your network might be hosting a BYOD (bring your own device) party even if you don’t realise it. It doesn’t matter whether your company actually allows employees to use their personal mobile devices for business purposes: Those smartphones and tablets are still inside the corporate walls.

It’s a wave that’s not stopping. Even if you attempt to put a policy out there that prohibits the use of personal devices, you’ll see a lot of them every day, more and more.

That leads to one of the critical issues inherent in the BYOD approach, company-sanctioned or not: Mixing personal and corporate data willy-nilly. Small and midsize businesses sometimes face a more significant struggle on this front than large enterprises. It’s very hard for them to control data as tightly as some of the larger organisations are able to.

This can be a huge problem for firms that operate under regulatory restrictions. But even SMBs that aren’t dealing with a heavy compliance burden could find themselves in a lawsuit or other situation where data integrity and retention become critical. SMBs can sometimes be overwhelmed by the data implications of a BYOD approach; they could just as easily ignore them altogether.

Here are four interrelated strategies for harnessing the upside of BYOD while managing associated risks.

1. Technology use policy
Step one in ensuring a strong, manageable approach to data retention is to create a policy that outlines what is – and what isn’t – acceptable for employees to do when it comes to personal mobile devices, applications, and other tech tools. Policy or governance is the starting point that will then drive procedures and processes. Companies really need to make it clear to employees what is appropriate and what is not appropriate regarding the use of technologies such as Gmail or other personal e-mail accounts and social media, for example. That policy also needs to explicitly cover employee responsibilities for retaining and storing data.

2. Employee education
Assume the concept of data retention has never occurred to most of your staff – because it probably hasn’t. SMBs should organise periodic training so that employees can clearly understand the appropriate and inappropriate uses of their personal devices. This training should cover things like social media usage, personally identifiable information, strong passwords, and privacy settings. Today, there’s a common misconception among users: Confusing privacy with privilege. In the event of a lawsuit, an employee’s social media data can be discoverable regardless of privacy settings – make sure employees understand that.

3. Data segregation
SMBs should make data segregation a fundamental practice – namely, keep corporate and personal data separate for retention purposes. This can save you a ton of headaches in the event of litigation and compliance-related audits. The best way to enable this is to provision corporate storage space and make clear to employees the processes for backing up their data there – and for keeping their personal info out.

4. The social factor, redux
Social media should be a critical part of the aforementioned education and training, but it gets an encore here because it flies in the face of data segregation. One of the dangers of social media is that it does not allow a segregation of your professional life and your private life. A simple example: The second someone lists their employer – and all of their previous employers, to boot – on Facebook, that line instantly vanishes.

When people post things – whether pictures, opinions, comments – all of that now is exposed to scrutiny, regardless of the impression that Facebook gives you that you have privacy settings. Indeed, the legal system is increasingly inclined to consider social media information discoverable in lawsuits; user privacy settings are irrelevant.

The social business boom also points to an underlying issue about whether employees actually recognise when they bring their personal technology into their jobs. In short, people don’t understand that when they ask to use a personal device in the workplace, they’ve agreed to the fact that now anything they do on that personal device can be viewed as company property.

However, BYOD is still a productivity and flexibility enhancing development that will only continue to flourish and become widely adopted across small business in Australia.


Adrian Briscoe


Adrian Briscoe is general manager Asia Pacific for Kroll Ontrack, a provider of cutting-edge data recovery services and software to business and home users. Based in Brisbane, Adrian oversees the Ontrack Data Recovery services and software for the company’s offices in Singapore, Australia and Hong Kong. He originally joined Kroll Ontrack as an Electronic Evidence Consultant in the organisation’s London office. Prior, Adrian spent five years in Hong Kong with PricewaterhouseCoopers in its Corporate Finance & Recovery division. Adrian has more than 20 years’ experience in the IT industry, initially starting out as a protocol specialist in London, working with IBM mainframe, mini and desktop systems.
