Enterprise-level BYOD policy dos and don’ts

There’s no way around it. Your organization needs a Bring Your Own Device (BYOD) policy. In fact, it probably needed it two or three years ago.

You dig in and do your homework. You evaluate the options, assess the upsides, and prepare for potential drawbacks. You’ve taken in tons of advice and information. It’s time to sort through it all. Before you go into information overload, tie up your research with our handy list of BYOD policy dos and don’ts.

Don’t forget the gatekeepers

Your IT team probably has existing precautionary guardrails to protect devices and networks.

That’s a great start. But as the BYOD policy develops, IT administrators need to stay informed and involved.

Their teams are accountable for network security. And they know better than anyone the boundaries that need to be set as part of the policy.

Do be cautious yet flexible

In a post for cybersecurity authority Security Intelligence, New York Times best-selling author and award-winning journalist Bob Sullivan stands firm against the opinion that BYOD is just another tech trend. “Neither BYOD nor IoT is going anywhere.”

“So, what should IT departments do?” Sullivan asks. “The solutions aren’t easy—and they’re going to have to evolve alongside every new gadget and application that connects to the company network.”

Is your BYOD policy putting the responsibility on IT to secure every device on your network?

Remember that this isn’t about limiting or restricting device use. It’s about empowering those entrusted to protect the company’s systems and infrastructure. Make sure these policies support your IT department’s overall BYOD objectives.

“Ensure constant monitoring of approved hardware and software,” Sullivan writes. “Just because your team decides a particular tablet or application is safe today doesn’t mean it won’t be unsafe tomorrow.”

Consider how future technologies might impact security. Is there a good possibility that IT will find itself stretched thin? Will IT end up playing “patch-a-mole” with every new OS update and firmware release? If so, you may want to leave some room in the BYOD policy for a managed IT services provider (MSP) to shoulder the load.

Don’t reinvent the wheel

Your BYOD policy needs to consider your organization’s specific technological needs. Think about the size of your company. Think about the kind of tech that benefits your employees. Identify the types of devices you can do without. Separate the must-haves from the nice-to-haves.

Now that you’ve determined who needs to support and influence your BYOD policy and what types of circumstances it needs to address, the fine folks at IT Manager Daily have done us all a solid and posted a BYOD Policy template.

Just cut it, paste it, and make it your own. Maybe put it on the good company stationery you save for special occasions or prepare to upload it to your human capital management system, but first . . .

Do make sure legal reviews the policy

The policy is ready for release after your legal department has officially vetted it. But you still need their help identifying who’s responsible for communicating what. You need their assistance defining what the company considers adequate communication.

Do you send an email to employees asking them to stay on alert for possible phishing attacks? Or is the company on the hook to provide more comprehensive education? Should employees acknowledge in writing that they understand the new policy?

Defining and enforcing the BYOD policy in these ways can make or break its effectiveness.

This is an instance where it is perfectly acceptable to assume the worst. Employees will reuse passwords. New technology will fail. Legacy tech will stop being patched for current threats. A new hire will log into his laptop at a coffee shop, hop on a free network, and access a bunch of sensitive data without thinking twice.

The legal department is a crucial ally when developing any type of company policy. They’re a key partner in making sure the BYOD policy you craft, draft, and deliver is effective and won’t leave the company exposed if a data breach occurs.

Should companies embrace wearables?


Technology has gotten far more mobile within the last decade. The laptop was already allowing employees to maintain productivity on the go, but this device got augmented by the arrival of the commercial smartphone, tablet and, now, wearables. Each new hardware unveiling has increased the amount of work that can be done while mobile. This shift is leading some in the enterprise space to rethink office structure and workflow.

However, should businesses be embracing innovation at this pace? Rapid adoption of any new technology has downsides and, with cybersecurity concerns on the rise, utilizing innovative hardware can have serious repercussions. Since wearables represent the newest hardware and software infrastructure hitting industries, the question becomes: Should companies embrace this technology or exercise caution until it has become more mainstream?


The advantages of workplace mobility
A mobile workplace strategy provides several advantages. Many of these benefits, such as the greater likelihood for increased collaboration among employees, are straightforward. The more data that workers can store on their person, the less they’ll have to retreat to their desks to retrieve information.

Another benefit that may not be so apparent is how mobile workplaces lead to improved employee retention. Workers who sit at their desks all day are likely busy but may not be engaged in the workplace or its culture. This sentiment makes the task just another job, and, eventually, the employee may leave to find another that pays better or offers superior benefits. According to Deloitte data, however, engaged employees are 87 percent more likely to remain at their companies.

Mobile workflow allows workers to get up, be more flexible and do more, all of which can lead to higher levels of productivity and revenue for a business. In some ways, wearables represent the pinnacle of mobile workplace technology. With a device like augmented reality glasses, workers don’t even have to glance down at a screen to see data. This flexibility means employees can update one another in real time with the most relevant data.

How to embrace BYOD for wearables
It feels strange to say now, but the smartphone did not begin with the iPhone. Blackberries and other enterprise devices existed for years prior to Apple’s launch. However, within less than a decade, Apple and Samsung overthrew the Blackberry and are enjoying immense adoption rates. What’s the reason? People liked using the tech.

Likewise, workers brought this hardware to the office before many organizations had concrete “bring your own device” policies in place. Some businesses still resist given the information security concerns associated with BYOD. However, rejecting BYOD can be just as perilous because many employees will still use personal devices anyway.

The better option is to embrace the mobile nature of this new hardware and work to develop a comprehensive BYOD policy that reflects and monitors every device. According to Tenable, many companies make BYOD available to all (40 percent) or some (32 percent) of employees, so the goal is to design a strategy that reflects each employee’s device usage.

Pew Research found that, unsurprisingly, 77 percent of Americans own a smartphone. Another 53 percent own a tablet. Wearables are newer, so their device distribution is much lower. Even relatively common devices like Fitbit have not reached the level of tablets. Wearable glasses have yet to have their “iPhone moment,” where one consumer device connects and enjoys wide commercial appeal.

That said, a lower number of these devices does not mean companies can ignore them. Valuable data can be stored on a smartwatch as easily as it can on a laptop. Companies using BYOD should plan for wearables now before the devices become mainstream, allowing IT teams to create and deploy a strategy that will be safe.

Most wearables are linked to a smartphone, meaning they share the same data library.

The problematic nature of cybersecurity
Cybersecurity has been struggling to keep pace with the internet of things in general and, unfortunately, wearables are no exception. A product examination conducted by HP Fortify found no hardware with two-factor authentication but noticed that all tested smartwatches stored confidential information that could be used for identity theft. These devices also received limited security updates.

Wearables will likely be driven by the same commercial appeal that spurs other recent technology, meaning that the two factors stressed above all else will be price and usability. While this focus will make employees happy, it can give an IT team or chief information security officer fits.

To help improve the cybersecurity of these devices, businesses can treat them similarly to smartphones by placing them on a different network with less compromising information. Organizations can also look to implement custom multi-step authorization software whenever possible.

Augmented reality glasses often have live feeds, meaning that, if hacked, outside sources can see operating data and worker operations.

Know which wearables can make an impact
Lastly, businesses should not presume that all wearable technology will be viable in an enterprise setting. For instance, AR glasses will need a battery life of at least eight hours to last a full day of work, and smartwatches will have to be durable enough to withstand occasional bumps, even in an office environment.

Before investing in any official company-sanctioned hardware, thoroughly research and test devices to be sure they perform well in a typical environment. Wearables are cutting-edge technology, and many products now are designed for only niche markets rather than the mainstream.

So while companies can adopt wearables now, it makes sense to first have a policy in place. This isn’t the iPhone. Businesses have a chance to get ahead of mass wearable adoption and create policies that make sense rather than reacting to the latest tech trend.

3 strategies to bolster your BYOD policy

Mobile devices have earned their place in business operations as a necessary tool for productivity and employee satisfaction. In fact, IDC predicted that there will be 105.4 million mobile workers by 2020, two-thirds of whom are expected to be remote staff members. Many organizations have adopted bring-your-own-device policies as a result of these estimations, but these plans don't always follow best practices. There are three main strategies you can use to bolster your BYOD policy:

1. Create a detailed plan

A BYOD policy must be very specific and detailed, with rules regarding what devices are allowed, how they can be used and security best practices. Forbes contributor Larry Alton suggested collaborating with the IT team to establish necessary rules while still leaving room for flexibility. Managers must be consistent in the implementation of new standards and BYOD enforcement to ensure that staff are following the guidelines. Post hard copies of the formalized BYOD plan and make it easily accessible. This way, users will better understand expectations concerning data and device usage and how the policy will be managed.

A BYOD policy must detail data security expectations.

2. Educate employees on best practices

People use mobile devices for a variety of purposes, and each application has rights to access certain information on the device. Organizations must ensure that personal applications don't have the authorization to gather sensitive business data and that workers understand the implications of these situations. It will be important to educate employees on best practices to stay secure and mitigate shadow IT cases.

More phishing attacks aimed at mobile devices and unsuspecting users are emerging. Malicious applications are also becoming a more prevalent problem, leading to compromised information, data loss and other significant consequences. BetaNews noted that teaching employees how to identify a phishing message and to be hyperaware of email abnormalities can reduce risk and better protect their devices.

"CYOD and COPE provide organization control while still ensuring employee flexibility."

3. Implement a hybrid approach

Many organizations are still hesitant to fully adopt or implement BYOD policies due to security concerns and management issues. However, there are a number of alternative approaches that support mobile devices in a way that is safe for business use. Using choose your own device or corporate-owned, personally enabled plans could be the best compromise for company and mobile device needs.

CYOD and COPE are becoming more popular business strategies, particularly among highly regulated industries. Infosecurity Magazine contributor Adrian Dain noted that by using these plans, organizations can effectively manage the device while it accesses company material and can easily wipe the hardware if it's lost or stolen. Employees would still get the flexibility they expect by choosing a device they prefer and being able to operate remotely.

BYOD plans are becoming more essential as the mobile workforce increases. By educating employees, creating a detailed plan and implementing a hybridized approach, organizations can bolster their BYOD strategy. For more information on how to implement and utilize mobile technology effectively in your business, contact ISG today.

Shadow IT: What it is and how to mitigate it

Technology has advanced at an incredibly fast rate in the past few years. Innovations such as the computer that were once thought too expensive for personal use are in a vast majority of American homes, and the emergence of the smartphone has increased the internet’s reach even further.

It would seem that every day some new device or piece of software is making life easier for people, and while this may be good for the consumer, it poses a major risk for IT administrators. The in-office use of these kinds of technology is called shadow IT, and it’s causing some big problems for organizations all over the globe.

How is shadow IT formed?


The issue at hand here has to do with an employee’s personal convenience. As a rule, shadow IT very often forms when a worker decides to go outside of the company-supported suite of software and hardware in order to use something he or she is more familiar with.

A good example of this would be an employee who gets fed up with a certain file storage/exchange system. They don’t know how to work this platform, so they decide to use a free service that they’ve relied on before.

While this may solve a convenience issue, this employee is now moving company information around utilizing a platform that isn’t supported by the internal IT team. This creates a gaping security vulnerability that a hacker could work to exploit.

BYOD can help foster it

An aspect that a lot of administrators don’t consider is that shadow IT doesn’t just pertain to software or digital platforms. As TechTarget contributor Margaret Rouse points out, hardware is also part of the equation.

Your employees have all kinds of personal devices that they use at home, and they bought them for good reasons. They have experience with this tech, and this can very easily translate to an increase in productivity.

In fact, the bring-your-own-device trend hinges on this exact principle. BYOD allows organizations to sidestep paying for new equipment by simply allowing workers to bring in their own gadgets. On top of that, staff members get the unique ability to complete daily responsibilities with the tech they know and love.

When done properly, this is a perfect example of a win-win scenario. However, a BYOD deployment must be implemented properly. The IT team needs to handle this transition to ensure that the devices in question are properly secured against hackers. Without some kind of security procedure on the books, companies could be looking at a data breach.

The problem is that employees very often don’t know about the risks involved here. Again, without any sort of maliciousness, they’re simply thinking of their own convenience and choose to bring in their own gadgets without clearing it with company officials. In fact, a survey from Gartner found that more than one-third of respondents were currently completing work-related tasks on personal devices without telling anyone about it.

This is huge because the average person simply does not take the time to properly secure their gadgets on their own, especially considering the high standards of data security many industries need.

A consumer affairs survey found that only 8 percent of average smartphone owners had software that would allow them to delete the information contained on their phone should it be stolen. While most people would worry about the photos and other irreplaceable memories in the event of a theft, a stolen smartphone can easily turn into a major data breach should the wrong person get their hands on the gadget.

Smartphones used for work must be secure. Smartphone security is incredibly important in a BYOD plan.

Companies must take action

Clearly, shadow IT is no laughing matter, and organizations must take decisive action in order to mitigate the risks of a data breach. So, what would this look like?

First and foremost, set up a meeting with employees to explain the consequences of their actions. As stated, it’s not that these workers are actively trying to sabotage the company. Rather, they simply don’t understand that using a personal device or outside software could cause serious harm. These people simply need to be educated about what can happen when they step outside the approved systems.

Second, to attack unlicensed BYOD directly, administrators must come up with a plan. This could include banning these gadgets outright, but doing so is nearly impossible to enforce, and completely misses all of the advantages BYOD has to offer when done correctly. A better option may be to simply work with a vendor that knows how to implement a secure system to regulate these devices.

Finally, it might be important to figure out why employees were using outside tech to begin with. Are current solutions not doing what they’re supposed to? Do you need to implement training sessions? Would it be best to simply move on to a different platform? Answer these questions and you can work to find the root of the problem.

Tech in law

Technology today is all about doing more with less, and nowhere is that more apparent than in the legal industry. This sector’s market in the United States has been valued by the Legal Executive Institute at around $437 billion, and with so much money invested, administrators in this field are doing everything they can to streamline the legal process. But what kind of technologies are law firms adopting?


The cloud and e-discovery

Like in every other industry, the cloud has quite a lot of benefits for those working within law. Although this technology has a wide range of uses, perhaps the most relevant for legal firms is its ability to quickly and efficiently implement e-discovery applications.

When legal proceedings begin, lawyers start what is called the discovery process. As the name implies, this is where employees at the law firm comb through hundreds or thousands of documents in order to uncover any wrongdoing and to get to the heart of the matter. This is often an extremely inefficient way to handle discovery, and can very easily result in a worker missing a crucial piece of evidence.

Computers are better at discovery than people. Computers never skip a sentence or fall asleep on the job.

E-discovery applications work to cut through this process by using specific searching algorithms to find what the lawyers are looking for. Computers are infinitely better than humans at searching large amounts of data, which is why many law firms have opted to include this technology in their arsenals. However, when choosing to work with e-discovery applications, these organizations have to make a choice between on-premises computing or accessing this technology through the cloud.

Even though e-discovery is revolutionizing the legal industry, it has also increased the risk of a data breach. These documents are often extremely private and contain personal data that a hacker could later use for personal gain. This need to keep information secret certainly isn’t specific to law, but it’s something that is keeping many firms out of the cloud.

However, as many experts have noted, the cloud really isn’t as unsafe as many believe it to be. In fact, Big Law Business contributors Daniel Garrie and Yoav M. Griver stressed that on-premises computing systems can be hacked just as easily as the cloud. Considering the initial costs associated with setting up an in-house computing solution, avoiding the cloud because of a false sense of danger is a mistake.

Contract management software

Another technology a lot of law firms are seeing the benefits of is contract management software. This is a platform through which administrators can easily view the progress of each contract they have created. Modifications can be made quickly and easily to unsigned contracts, allowing everyone with access to the system the opportunity to read and comment on the exact same document. Lawyers can even view how well signers are following up on their obligations on existing contracts.

That said, perhaps the most interesting part of this technology is its ability to manage digital signatures. One of the biggest issues holding legal firms back from adopting more advanced solutions is the fact that a physical ink signature is seen to hold more weight in court than a digital one. This viewpoint is rapidly changing, however, thanks in part to contract management software.


The bring-your-own-device trend is sweeping just about every industry, whether company administrators know about it or not. In fact, a Gartner study found that around 37 percent of people currently using their own gadget for work purposes don’t currently have permission. Considering how people often don’t protect their mobile devices, this is an absolute nightmare for the IT department.

In fact, quite a lot of organizations have had to deal with hackers due to the increased use of personal gadgets for work purposes. A study conducted by IDG Research Services discovered that just under three-quarters of respondents saw a data breach event as a result of poor cybersecurity measures concerning mobile devices.

That said, BYOD has some amazing benefits for legal firms. Lawyers often meet with clients outside of the office, and carrying around important documents is cumbersome and can result in lost or stolen client information. What’s more, other staffers who aren’t lawyers are seeing similar advantages. While this is good in terms of flexibility and mobility of the workers, it’s also putting a major strain on the IT team. Employees should be able to use their own devices to access company data, but only after implementing certain safety guidelines.

This is why any organization wishing to ensure the security of company records should contact an ISG Technology BYOD specialist. Our experts have years of experience with this trend, and we know what it takes to keep a law firm’s data safe.