Just found an old article on workforce.com: Data Dilemma: What to Do When BYOD Workers Say ‘Bye’. Excerpt:
Most bring-your-own-device policies focus on how employees can use their phones or tablets on the job — and rightfully so. Employees will inevitably use personal devices to perform company tasks, and creating a policy that defines how they are allowed to access corporate information is an important initial step to keeping an organization’s data safe.
But what happens when an employee quits or gets fired?
It's a really good list.
-=-=-=-=-=- Jayne Cravens Author, The LAST Virtual Volunteering Guidebook
Great share. Here's what seems like a good white paper on the subject:
[ 07/19/2016 - I was unable to locate this file on the target site. Admin]
Chris Delatorre · Editor, science geek, remote work advocate · https://twitter.com/urbanmolecule
This link seems to be dead.
I guess you mean the original post I made, from last year? It works here:
Data Dilemma: What to Do When BYOD Workers Say "Bye".
I was hoping for some discussion on this back when I posted it. For instance, the article says that, at one company,
employees are only allowed to log on to the company network from personal devices as guests, which gives them access to email and basic company data, but prevents them from downloading any sensitive documents. The company policy also clearly states that devices will be monitored to ensure compliance, and that a “remote wipe” procedure will be triggered immediately if they leave the company.
and at another company, Fujitsu, there is:
an encryption technology, partitioning on employee devices to keep company data separate from personal data, and instant data wipes of those partitioned sections as soon as an employee leaves.
That's great - but completely unrealistic at the vast majority of nonprofit organizations and government agencies, that would never have the budget or expertise to have such systems.
So, anyone have a BYOD policy or practice from their nonprofit, school, government agency or other mission-based program that they would like to share?
BYOD policies vary widely from one organization to the next, reflecting the human, technical, workflow, budgetary and cultural factors specific to that organization. Using someone else’s policy as a template can cause more problems than it solves.
I think the cited article sums it up pretty well. Dilemmas (this and many others) occur when a program is implemented without regard to costs, risks or exit strategies.
A BYOD program usually begins when staff and volunteers who would most benefit by it propose the idea to Management, emphasizing tangible ways in which it will benefit the organization.
Management then consults with accounting and IT to estimate costs, risks and any other downsides. Surprisingly, the biggest issue isn’t security. It’s application compatibility. You can’t believe the assortment of oddball devices that people naively expect to work smoothly with their business applications, or the costs required to integrate the systems. Fortunately BYOD programs have been around for a while and we realize that they are not the guaranteed win-win free-for-all that was touted by vendors a few years ago. We know of the successes, failures and “dilemmas” experienced by other organizations and can provide realistic assessments.
Finally, Management will either adopt the program or reject it. They will properly implement and fund it, or not. If not, then Management assumes the responsibility for the resulting risks and possible “dilemmas.”
If the program is adopted, a policy will be drafted to indicate who can do what. IT will then implement mechanisms to enforce the policy.
Policy enforcement is accomplished in the most effective and lowest cost methods suitable for the organization, its program and its budget.
Most frequently it’s just a matter of limiting access to authorized personnel and non-sensitive data.
Extreme measures such as encryption usually aren’t needed. Very few non-profit organizations have to worry about billion dollar trade secrets. And many non-profits deal in regulated private information that precludes BYOD access entirely.
Staff turnover is inevitable so an exit checklist is pretty routine (with or without BYOD programs.) In my case I can disable network access, block remote access, optionally wipe the remote device, archive e-mail records, and save printjob and document access logs , all in a matter of a few minutes.
Remote wipe can be far less expensive than you might think. Most managed networks (usually those having about 20 or more workstations) will already have some sort of network security or management software. Monitoring of remote devices and a real-time remote wipe capability is often included or available as a low-cost add-on. Remote wipe also comes in handy if a device is lost or stolen.
Some organizations reduce costs by creating a Choose Your Own Device (CYOD) program that allows personnel to select from a few models that have been tested and proven to work safely with the company’s security and mobile application management systems.
One of the biggest obstacles to BYOD adoption comes from staff and volunteers who feel the program is being forced on them and who resent having to pay for, maintain and insure the devices themselves, pay the bill and then try to claim back expenses on business-related voice and data, or the fact that they are potentially always on call and might be expected to answer emails or notifications outside of work hours, or that they are granting the employer access to their device in the name of device management.
Hope that helps.
Close this window