Canadian HR Reporter

CanaDian hr reporter october 6, 2014 FEATuRES 13 TecHnoLoGY BYOD or CYOD? A look at which policy works best when it comes to employees' mobile devices By Steven Leo O rganizations today need employees connected and mobile, with con- tinuous access to their networks. e handheld devices we've be- come so accustomed to, such as cell phones and tablets, are now everyday business tools. The challenge organizations face is whether to allow employ- ees the option to "bring your own device" (BYOD) or "choose your own device" (CYOD). While these descriptions may sound similar, they have distinctive differences and arguments can be made for the value of each practice. Em- ployers need the facts to be able to make informed decisions and develop device usage policies and procedures that help mitigate any security risks. CYOD is generally considered the more costly option. Employ- ees choose from a limited selec- tion of devices the organization purchases for business use, such as a company-issued iPhone, BlackBerry or Android. Often the device can be limited to use for work activities only. Organizations interested in reducing these purchasing costs can choose BYOD, which gives employees the freedom to choose an option that best suits their per- sonal and business needs. But both policies, and par- ticularly BYOD programs, need careful planning in a world of changing security risks. With the constant threat of data breaches, employers need to make decisions that best fit their business. Some security experts believe the CYOD approach provides greater security as the device usu- ally has limited use, so organiza- tions with security concerns tend to choose this option. IT depart- ments have more control over the device and its capabilities and can pre-install security software. In addition, administrator, firewall and network settings can be con- trolled, and IT staff can provide better support. To reduce technology costs, however, many organizations are adopting the BYOD policy as it not only lowers the IT budget but also allows for increased produc- tivity. But this option does come with more security challenges. ese devices can have addition- al issues because they can mix business and personal use. What control would an employer have if an employee is downloading mov- ies and unlicensed applications on her own cellphone if it is the same phone she uses for company business? Without a well-designed and unified BYOD management strategy in place, companies risk exposing sensitive data to outside sources — even competitors. e goal is to adopt effective usage and security policies, while not mak- ing it more difficult for employees. If an organization chooses a BYOD policy, here are three ways to adopt a successful plan: Maintain transparency Attempting to hide the unflat- tering aspects of a BYOD plan can backfire if employees dis- cover them; being truthful about employee privacy rights and en- terprise mobility management components fosters a sense of trust. e technology is designed to protect corporate information. However, some systems col- lect employees' personal location information and personal apps. Successful BYOD programs have privacy filters installed to restrict access to most personal identifi- able information. At the same time, building trust works both ways. Business leaders should feel confident employees are responsibly embracing the freedom of enterprise mobility. If at any point leadership feels work- ers are not handling company data securely, they should have the op- tion to implement stricter controls. Additionally, BYOD deploy- ment should complement em- ployee training. It's a growing trend for companies to teach employees what is and is not ac- ceptable, and which apps require caution. For example, corporate documents shouldn't be forward- ed to personal email accounts or work photos uploaded to the web or social platforms. Maximize security If a device is stolen or lost, real- time monitoring and remote wipe capabilities are some of the features IT can use to identify se- curity threats quickly and respond effectively. Health-care and financial ser- vices firms have traditionally had the highest security standards, but all industries are restricting the copying and pasting of sensitive information from email, calendar- ing and contacts to non-approved applications. e separation of corporate and personal data can help ensure appropriate levels of security are in place. Monitor consistently If a security breach occurs, it is important for IT teams to respond quickly and effectively. Some companies set up automated alerts to notify them in near real- time when a device is outside its predetermined "geo" fence, when a blacklisted application has been installed or when a user has reached his data limit. ese strategies can help com- panies adopt enterprise mobility programs that not only encour- age more efficient work processes but also reduce security risks. e most optimal mobility strategy makes devices secure without im- peding employees' pace of work. Steven Leo is the Toronto-based direc- tor of enterprise and workplace servic- es, responsible for the network, security and workplace services offered by IBM Canada's global technology services through IBM's ITS division. For more information, visit www.ibm.com. Register today for industry recognized live or on demand webinars at the Carswell Professional Development Centre. www.hrreporter.com/cpdcentre Join a live 1 hour webinar during your lunchtime that includes a presentation and/or a panel discussion led by industry experts and a live Q&A session where participants can submit live questions to be answered by presenters. These accredited courses are aimed at professionals and employers looking to further their professional development within HR and contextualise acquired knowledge and skills in their workplace. Current industry partnerships include: • Human Resources Professionals Association • Human Resources Institute of Alberta • Human Resources Association of New Brunswick • Canadian Human Rights Commission DO YOU HAVE 1 HOUR TO SPEND ON YOUR HR PROFESSIONAL DEVELOPMENT? THOMSON REUTERS CARSWELL PROFESSIONAL DEVELOPMENT CENTRE

• Cover