Introducing a BYOD Policy: Everything You Need to Know

Think back to 2010. Facebook was still the dominant social platform. Panasonic introduced 3D TVs. Apple released the iPhone’s first forward-facing camera. 

And the concept of a BYOD policy first entered the mainstream. 

BYOD - or bring your own device - refers to the practice of letting employees use their own devices, commonly mobile phones or laptops, to complete their work. The BYOD market is predicted to achieve figures of over £308 billion by 2032. But not every business has a formal BYOD policy in place yet - despite, for example, 60% of employees using their phones for work-related tasks.

Security concerns are one reason why some businesses have held back - but the fact of the matter is, people use their own devices for work regardless of whether it’s official or not. As Dion Hinchcliff, one of the most influential figures in the digital workplace space says: 

“The introduction of a BYOD policy doesn’t have to mean “letting go” of essential control but it does mean providing a framework for users to bring their own mobile devices to work in a safe manner…This unleashes choice and innovation and vitally, splits the work of adoption and rollout with users that want to use their favorite mobile devices/app to solve a business problem.”

One of the areas where a BYOD policy unleashes, as Hinchcliff puts it, choice and innovation is employee training. Enable your employees to consume learning content on their own devices, and you’re giving them an education that’s engaging, time efficient and encourages continuous learning. 

This is especially true if you have a frontline workforce, who may be working on a shop floor, in a kitchen, on a building site or making deliveries.

A BYOD policy makes training accessible wherever they are, democratizing access to vital information that keeps them safe and up-to-date. 

If these are benefits you’d like to see, keep reading. In this blog post, we’re going to cover everything you need to know about introducing a BYOD policy - whether you’re exploring the concept for the first time, or well on your way to implementing it for your employees: 

• What is a BYOD policy? 
• Is a BYOD policy necessary for your business? 
• The importance of  BYOD policy today
• BYOD policy advantages and disadvantages 
• Risks of a BYOD policy 
• Writing your own BYOD policy 
• How to implement a BYOD policy 
• Examples of a BYOD policy in action 

Let’s dive in. 

What is a BYOD policy?

A BYOD policy definition is a policy that covers everything a business, and its employees, need to know about the use of personal devices at work. That includes how, when and where employees are expected to use their devices, to protect the privacy and security of the business. 

Sometimes these policies might be written for a specific device only; for example, a BYOD mobile device policy refers to a written policy around the usage of cell phones only for work. 

There are several ways a business can adopt a BYOD policy, including: 

• Full BYOD: this refers to when employees are not provided with a company-issued device at all and are instead solely expected to use their own devices for work. 
• Hybrid BYOD: here, an employee might have the option to use their own device and a company-owned device. A common example here is working from a company-owned desktop computer or laptop, but having emails and messaging apps downloaded to a personal phone. 

Is a BYOD policy necessary for your business?

Before we get into the nuts and bolts, let’s talk about whether a BYOD policy is right for your business. 

It may be easy to provide technology if you have a relatively small team that works from the same location. But for businesses with tens or even hundreds of thousands of workers distributed across the country or world, who may or may not be working from an office, doing so can be extremely challenging. 

Businesses like retail, hospitality, transport, logistics, manufacturing and construction will all benefit hugely from a BYOD policy. These industries rely on large, distributed workforces that often need the seamless support of technology to complete their job - for example, a retail worker checking the best practices for restocking the shop floor. 

Often tasked with quickly and precisely completing repetitive tasks, these workers need to access knowledge that supports their work without disrupting their workflow (productivity drops by up to 40% in the face of digital friction).  

A good rule of thumb to follow here is the larger and more distributed your workforce is, and the more they need to rely on technology that integrates into the flow of work, the more likely it is that a BYOD policy will be useful for you. 

The importance of a BYOD policy today

BYOD policies are more than just practical when it comes to training a frontline workforce. 

They also democratize access to training by enabling it to reach as many people as possible. If your frontline workers have to complete training on a shared device, for example, it’s unlikely you’ll get the same uptake and completion rates as when they can access it from their phones, at any time.

This is particularly vital when the nature of frontline work often involves physical tasks that need to be completed safely. Giving near-instant access to the information your people need makes sure they do so.   

Consumers also have certain expectations for technology today. They expect it to be seamless to the point of being invisible; fast, intuitive and usable. And these expectations don’t change just because they’re at work. 

In 2015, Dion Hinchchcliffe noted that “the reality is that IT is struggling mightily in most organizations to keep even basic technology up-to-date….It’s time to call it like it is: the legacy model of IT is largely insufficient when it comes to modern digital enablement and transformation.” 

His point still rings true today. Buying, say, the latest iPhone every year is easy enough if you’re doing so for yourself (and, of course, have the funds to do so). Adopting the same practice at scale for a workforce that’s potentially distributed across the country, or the world? Much more difficult. 

Workplace IT infrastructure is inevitably going to fall out of date - by a lot or by a little, depending on the type of business you work for, its workforce size and location, and how much money it has to spend. 

But as Hinchcliffe writes, technology “access actually doesn’t really provide that much value without usability, it has to be something you can actually deliver on. And so usability also covers having streamlined digital experiences, making business processes and procedures easily learned and usable, making sure your cybersecurity protections aren’t making the access too difficult.” 

He goes on to note that, really, businesses should be questioning if they’re “getting the actual work outcomes [they’re] looking for? That both professional and personal developments are taking place?...if you do this well, then you can actually get to engaged workers.” 

Here, we almost have a Catch-22.  

Workplace technology will inevitably fall behind employee expectations. Yet keeping up with expectations surrounding usability is key to employee productivity and engagement. What’s a business to do? 

The answer lies in introducing a BYOD policy. Give your employees training in a format that’s naturally more engaging, and you’re encouraging continuous learning and building their loyalty. 

BYOD policy advantages and disadvantages

What risks and benefits of BYOD do you have to be aware of? Let’s find out: 

Pros of bring your own device policy

• Cost savings: a BYOD policy can save businesses $341 per employee. At scale, that’s significant savings. 

• Faster onboarding: if you don’t need to teach your employees how to use a device, the onboarding process will be quicker and easier for you to create and for them to undertake. 

• Higher engagement: the more usable and intuitive a device is, the fewer barriers there are to engagement - and therefore work - there are. 

• Flexibility: employees’ personal devices can go everywhere with an employee and be accessed at any time, which isn’t necessarily the case for a company with no BYOD policy. 

Cons of a bring your own device policy

• BYOD Security: the biggest risk of a policy like this. IT can’t see what’s being accessed and has a lack of control over how the BYOD device is used. There’s also the risk of malware and hackers, as employees might be more lax about passwords with their own devices.
  
  
• Lack of uniformity: it’s unlikely every member of your workforce is going to have the same device. This could create challenges when it comes to the software your business uses, and your IT department’s ability to troubleshoot employee-owned devices. 
  
  
• Inclusivity: while 90% of the global population has a smartphone, for example, a BYOD policy assumes everyone owns their own tech. There’s also a question of what types of devices your employees have - some might be happy with an older device, for example, while others may not be able to afford more technologically advanced options. 

Risks of a BYOD policy: Should you be worried?

A little more on BYOD policy security. 

If a user’s device is vulnerable, the company network is at a security risk. Employees are more likely to browse a wider range of sites and be less cautious about emails they open and messages they reply to - and the employer can’t put as many precautions in place to prevent malware attacks and protect sensitive information.   

That said, it is possible to ensure data security in a BYOD environment, by using: 

• Virtual desktops: these are a virtual workspace that are hosted remotely, to keep corporate networks separate from the rest of the device.

• Mobile device management (MDM): simply put, this gives the organization the ability to manage mobile devices. 

• Mobile application management (MAM): being able to install, monitor and update applications on an individual’s mobile device. 

• Enterprise mobility management: here, the business manages mobile devices, plus the entire mobile ecosystem related to the business.
  
  
• Unified endpoint management: this is a software that allows the business to monitor, manage and safekeep all devices used by employees. 

The right solution will, of course, depend on your business. 

Apple has also released security updates that make it easier for companies to roll out a BYOD policy for their IOS products. This Apple BYOD policy allows businesses to protect company data without compromising the personal data of their employees. Similar policies are in place for Android models, too. 

Writing a BYOD policy

What should a BYOD policy include?

You’ll want it to cover what devices are permitted and when they are used. When it comes to the how, a good BYOD policy will include: 

• Privacy and permissions: what does the business have access to, and what does it not? What apps are allowed, and what is not? What is acceptable use?
  
  
• Security controls: is two-factor authentication in place? What other security measures does the employee need to take to protect company data and minimize vulnerabilities? Do all apps need to be password-protected?
  
  
• Ownership: who owns the apps and corporate data on the device? 
  
  
• Device loss: at some point, a device will be lost or stolen. It’s important to pre-decide what to do in this situation - for example, does the company have the permission to remote wipe them? 
  
  
• Onboarding and offboarding: how does an employee get onboarded, and what is the exit strategy for an employee who’s leaving the business? 
  
  
• Reimbursement: do employees get any contributions towards their bills or repairs? 
  
  
• IT support: who is responsible for making sure the devices are running properly? What if they break or they need troubleshooting?  

Factors like the size of your business and the industry that it’s in will impact answers to the above questions. For example, a fast-growing business may need to be particularly careful about onboarding and offboarding, while a financial services business will want particularly stringent security measures. 

How to implement a BYOD policy

When it comes to implementation, BYOD policy best practices include: 

• Adopting mobile device management (MDM) software: mobile device management may be delivered via a network, company app or the cloud. By implementing a degree of separation between the work and personal applications of the phone, the business’s sensitive data is better protected. Mobile device management should also include application readiness automation to keep things secure. 

• Having anti-malware technology: a requirement for employees to install anti-malware technology helps to improve device security and keep your company’s data safe. 

• Undertaking regular data backups: in the case of device loss or accidental wiping, you want to make sure that the company data is stored elsewhere and can be recovered.
   
• Employee training: when introducing any new policy, it’s important to train your employees on what it means and how it works. In the case of your BYOD policy, training shows employees how to keep company information safe as well as answering any questions surrounding reimbursement, support, ownership and privacy. 

Now we’ve covered what a BYOD policy actually looks like, and important steps you have to take to make sure it works, let’s see what they look like in action. 

Examples of BYOD policies in action

The following examples show BYOD policies at different stages - from introduction right through to being embedded in workflows and processes: 

Walmart's BYOD policy: alleviating employee concerns

We’re sure we don’t need to introduce Walmart: 10,500 stores and 2.1 million workers in 19 countries around the world.

It’s also a company with a BYOD policy; its Me@Walmart app allows its workers to book shifts, clock in and out, and troubleshoot daily tasks, as well as restock products more efficiently. As part of the policy, employees are given a new Samsung phone that they’re also allowed to use in their personal time as well as for work purposes.  

It’s worth noting here that the business did receive some pushback, mostly stemming from employee privacy concerns. These were addressed by the business detailing exactly what it could see (like battery level and phone number) and what it could not see (like web activity and personal emails). Walmart’s company BYOD policy is a great example to follow when it comes to alleviating concerns and reassuring employees that the change will benefit them. 

Temco's BYOD policy: $600k saved by the business

Temco Logistics demonstrates what a positive impact a BYOD policy can have on a business. A premier home goods delivery and installation solutions provider, fulfilling deliveries for America’s largest retailers including The Home Depot, Temco Logistics leveraged its BYOD policy to deliver training to its workforce. 

Before this change, Temco relied on in-person training to make sure drivers and technicians moved between jobs safely and installed products effectively. Delivering training to its multi-thousand, mostly millennial workforce via mobile phone meant that its people always had access to the knowledge they needed, as well as a learning experience that resonated.

As its Director of L&D Dan Drenk put it: 

“If they’ve forgotten how to do a particular task - or they’ve never learned how - they can get straight to it, and see exactly how to do it in three minutes or less.” 

The result? $600,000 saved by the business thanks to a reduced accident rate - not to mention the additional savings by not providing each employee with their own device. 

McCoy's Building Supply BYOD policy: a 94% employee satisfaction rate

McCoy’s Building Supply is a US retailer selling lumber, building supplies and farm and ranch equipment across multiple states. Like McCoy’s Logistics, it utilized its BYOD policy to improve the delivery of its compliance training - which was previously delivered in-person and on paper. 

Using multiple channels for communication has been “a big improvement” according to Jason Trail, McCoy’s Building Supply’s Training and Development Manager. In fact, it’s a big improvement to the tune of a 95% training completion rate, and a 94% employee satisfaction rate. 

The beauty of a BYOD policy is that it’s totally adaptable. Whether your business is big or small, all over the world or in one place, has workers sitting at desks or out on the field - a well-executed BYOD policy allows it to stay current. Plus, you’ll be on top of security concerns, meeting employee technology expectations and delivering the best communication and training experiences out there. Quite the opposite of a 2010s relic. 

And if you need some training technology to help support your BYOD policy, allow us to introduce ourselves. We’re eduMe, the only device-agnostic training platform on the market. What does that mean? Whether your workers are on a desktop, LMS or mobile phone, eduMe can deliver training to them, wherever they are. 

If you want to start reaching your workforce where they are, take a look at this quick product walkthrough video, or get in touch with the team for an obligation-free consultation.