Part 1: ‘Bring Your Own Device’ – why your business should approach with caution
Welcome to the first instalment of our visibility and control blog series. In this, we share why it is important to have awareness and understanding of your telecoms assets, costs and performance so as to equip the business with the right tools and processes to develop and grow.
In this first post, Phil Lewis, Key Account Director at Adam Phones, discusses the challenges of a ‘Bring Your Own Device’ policy and what businesses need to be aware of when considering this.
It is not uncommon for businesses to consider a ‘Bring Your Own Device’ approach to mobile communications, especially as companies look to generate further productivity and reduce operational costs. It provides employees with the freedom to choose their own mobile devices and takes that procurement headache away from the business. It all sounds simple and attractive, but the reality is far from it and in this blog, we’ll deep dive into the risks and costs of BYOD and why you should avoid it at all costs.
Let’s first define what BYOD means in the workplace. The company puts in place a practice whereby employees can source their own mobile service. They get to choose whatever smartphone they want, possibly within approved guidelines that the company has provided such as approved or blacklisted manufacturers. There is freedom over the selection of their own mobile plan and network (again, unless the company specifies a particular network, which it often won’t). The employee will then submit or reclaim work calls under some form of company expenses scheme and some or all of their fixed line rental charges.
Now we have established a baseline for BYOD, let’s look closely at where the problems creep in and what those challenges can mean for the company:
- BYOD users will optimise their tariffs for personal rather than business use if roamed calls and data, for example, can be reclaimed. What this means is that the company will face higher costs for recharged calls as consumer tariffs are not as competitive as corporate options.
- The BYOD model introduces additional costs associated with the resources required to manually process expense claims for calls from a multitude of different networks/suppliers, all on different tariffs, in different formats and on different billing dates.
- IT now needs to support a wide range of employee-sourced devices, having lost control of the mobile technology footprint.
- There is suddenly a requirement for a more robust MDM solution given the risks associated with personal devices connecting to corporate infrastructure.
- The organisation has less control over the devices it doesn’t own, making it easier for sensitive data to be compromised. Mobile devices are your greatest technology endpoint risk.
- Investment is now required in educating employees on the risks and responsibilities associated with using their devices in the workplace, and this will be a recurring task.
There is also an additional new wave of risks to consider for BYOD deployments, courtesy of the GDPR:
- A BYOD program must take into account any compliance mandates that govern information security and safeguard specific data. Even if employees use their own devices, the organisation must ensure that the data is protected as required by regulations such as the GDPR.
- There is a dramatically increased risk of data breaches with employees making use of multiple applications to communicate data, rather than a centralised secure email work service. As we know, data breaches can result in huge financial penalties, which has increased under the GDPR, along with reputational damage.
- Company-issued devices usually come with an acceptable-use policy. However, it is far more difficult for the company to inform employees what is acceptable on their own devices.
- Whilst MDM / EMM solutions can segregate work profiles from personal profiles across applications and email, there can be no segregation of call records on a single SIM – both personal and professional communication will be undertaken on one phone number. Under the GDPR this raises questions over the data the company has access to on an employee-owned device.
- When an employee leaves the company, the device leaves too, and the organisation might be unable to reclaim sensitive data.
BYOD gives the appearance of removing an envisioned telecoms burden, but it fails to deliver its promises and introduces untold costs and threats across the organisation.
Stay tuned to the Adam Phones blog for the second part of our series, “Why visibility across the telecoms suite is key to an agile business” and make sure to keep in touch with us on our Twitter, LinkedIn and Google+