In 2016, there were over 1,000 reported data breaches in the United States that exposed 36,601,939 records. An unknown number of those records may have contained information such as Social Security numbers, driver’s license numbers, or financial account information.
If you permit employees to access company data (including business emails) from their smart phones and personal devices, a strong BYOD policy is essential to reduce the threat of a cybersecurity incident and possible disclosure of confidential business or personal information. BYOD policies must be tailored to the needs of your organization, and written in close cooperation with your IT department. At a minimum, a BYOD policy should cover the following:
- Mandate that employees use strong passwords on all devices
- Restrictions on use by family members or other third parties
- Instructions on what to do if a device is lost or stolen
- Details on data back-up requirements and mobile device management software
- No private company data should be sent over personal email
- No personal information should be sent to or from company email account
- Directions about what happens to a device when employment ends
If your business is considering implementing a BYOD policy or you need help updating an existing policy, contact any member of our employment group.