How to Draft Your BYOD Policy | NETSCOUT

Crucial Things to Consider When Drafting Your BYOD Policy

June 24, 2015

Developing a BYOD policy is a smart move. It shows that you've embraced change, but that you're going to make sure that the change is done wisely and efficiently. Drafting a BYOD policy isn't something you should plan to do in a day, or even a week, and perhaps not in a month. Take the time to make sure all the stakeholders' needs and concerns are covered, that the document is well understood across the organization, and that the technology is in place to make it happen.

1. Get Input from All Departments

Each department will have a unique perspective on the BYOD policy and all the insight will add value and usability to the final policy.

Naturally, IT and legal should have a say in the drafting of a BYOD policy, but all other departments need to have a voice, as well. Human resources, finance, production, customer service, sales, research and development -- each of these departments will have unique uses for mobile devices, apps that are particular to their needs, and great ideas that could benefit the organization as a whole but that nobody else is likely to think of. More input is better input.

2. Provide Adequate Bandwidth for the New Devices

With devices being "mobile" you might think that everyone will be using their devices only outside of the office. However, once these devices are in play on your network, they will be in constant use by your workers. Be sure you are ready to supply the necessary bandwidth to cover two to three times the network traffic the system has been servicing.

3. Make Your Privacy Policy Clear and Communicate it Well

What will your IT department be able to see on the employees' devices? What can they delete or alter? What should they do if they discover inappropriate material or even illegal activity on the devices? These scenarios seem far-fetched, but have happened in reality to more than a few organizations. IT departments have accidentally deleted wedding photos; have found evidence of illegal activities, and more. Thresh out these situations and be sure they are addressed clearly and comprehensively in the BYOD policy.

4. Make Sure Your IT Department Has the Technology to Make it Work

Stating in the policy that all corporate data will be remotely deleted in the event a worker leaves without notice is one thing. IT having the technical ability to make it happen is another. Be sure IT is armed with everything needed to assure the BOYD policy is implemented as written, from properly optimizing bandwidth to monitoring and accessing devices remotely.

5. Decide What Authentication and Encryption Will Involve

Stating that mobile devices must be password protected is not enough. You need to specify how long the password should be, and preferably dictate that the password contain a variety of upper and lower case letters, numbers, and/or special characters. Your IT manager should be able to guide you in defining password requirements that the business can be comfortable with.

6. Nobody Can Be Immune to the Policies

Under the BYOD policy, the rules and regulations should apply to everyone, from the top down.

In order for a BYOD policy to protect the organization as it should, even the top management has to be subject to the rules and consequences for violating the rules. It's actually more important for top-level execs to follow BYOD policy, because access at this level is generally much higher than the average employee. This means that devices belonging to executives are more lucrative if hacked or stolen, and that they can do much more damage if they decide to deliberately do something underhanded.

7. Develop a Strong, Comprehensive Exit Policy

In Fairyland, everyone submits a two-week notice, works it out, and visits the IT department to have their devices wiped of corporate data before enjoying the goodbye cake and ice cream. In the real world, employees can just leave one day and never come back. Whatever the circumstances, the BYOD policy needs to establish the right way to exit and an alternative method for when that doesn't go as it should. Again, be sure you have the technology needed to backup data, wipe devices, and protect the company in any eventuality.

For the IT networking solutions you need to make your BYOD draft policy a reality, visit NETSCOUT today