Don't Let Your Company Be Caught In the BYOD Trap! | Secure Cloud Backup Software | Nordic Backup

Whether you know it or not, BYOD is happening in your company. BYOD stands for Bring Your Own Device, and that’s what millions of workers are doing on the job every day. Whether it’s a smartphone, a tablet computer, or a laptop, surveys indicate that as many as 90 percent of employees sometimes use their own personal mobile devices to get their work done.

Some companies have welcomed the BYOD phenomenon due to its demonstrated benefits in terms of employee morale and productivity. Others, aware that the practice can make them vulnerable to liabilities they’d rather not have to deal with, have gone so far as to forbid it. However, that strategy is ineffective, as the results of one survey reveal that, of workers who are using their own devices on the job, a full 30 percent are doing so in direct violation of company directives.

BYOD is an inescapable fact of modern life for businesses of all sizes and types, whether they like it or not. But if a company has not prepared itself by establishing a well-defined BYOD policy, it may find itself with legal liabilities it never saw coming. That’s the BYOD trap.

Issues Your Company’s BYOD Policy Should Address

If your company is to avoid the BYOD trap, it must have a well-thought-out and comprehensive BYOD policy that employees are not only aware of, but that they also are required to adhere to. Here are some of the most critical issues you need to be sure are adequately addressed in that policy statement:

Data security

When company data is downloaded onto an employee’s personal device, that data immediately becomes vulnerable. Surveys indicate that most people take few precautions to insure that the information on their smartphones or tablets remains secure. If a worker who is browsing the web on his or her own time happens to pick up malware from some website they visit, company information that’s also stored on their device may be compromised.

Your BYOD policy should put in place enforceable rules for how all the information on an employee’s personal device is to be kept secure.

Loss or theft of an employee’s device

Cell phones get lost and stolen all the time. If that happens with a device your employee is also using for work, it may put your company in a difficult position. If, for example, sensitive personal data is stored on that lost or stolen device, you may have a legal obligation to notify customers, government agencies, or the public at large.

You should include provisions in your BYOD policy that allow you to remotely erase company data from missing devices. Also, the policy should require employees to immediately notify the company if a device used on the job is no longer in their possession for whatever reason.

Fair Labor Standards Act (FLSA) Compliance

FLSA requires that non-exempt employees be appropriately compensated for any overtime work they may do. This can include, for example, something as simple as the worker deciding to check for job-related emails at 10 p.m. before going to bed. As far as FLSA rules are concerned, that’s work, and if it occurs beyond the limits of a 40-hour work week, may require that overtime be paid.

This is a more serious issue than some realize. Companies have been sued and ended up paying substantial fines for failing to pay workers for job-related activities they perform using their own personal smartphones or tablets.

Your company’s BYOD policy should clearly spell out your rules for employees’ use of their devices for work beyond the limits of a normal 40-hour work week. If you would not allow non-exempt employees to choose on their own to work overtime while on the company premises, your policy statement should make it clear that they are not allowed to do so while using their personal devices.

Employee Behavior When Using Their Devices

In 2012, Coca-Cola was sued and required to pay a $21 million judgment because of an accident that occurred while one of their truck drivers was talking on her cell phone. The company had a policy that required use of a hands-free device while driving, but the jury believed the plaintiff’s claim that the policy was “vague and ambiguous.”

This case illustrates that not only must your BYOD policy be clear and comprehensive concerning the behavior expected of employees while using their devices (even, by the way, on their own time), but that policy must be monitored and enforced. Otherwise, your business may find itself being held liable for employee conduct that in any way involves a personal device they also use for work.

If any of these issues should crop up among your employees who use their personal devices on the job, your first line of defense is your written, widely communicated, and consistently enforced BYOD policy statement. If your company doesn’t yet have one, or if the one you have is not well thought through, now’s the time to fix that situation. Otherwise, it’s all too easy to find yourself unexpectedly caught in the BYOD trap.

Share This