Bring your own device (BYOD)

BYOD, or bring your own device, is an information technology (IT) policy that permits employees to bring personal devices into the workplace. Such devices include smartphones, tablets, and laptops. Employees can access company systems, data, and other applications by using personal devices. While the practice of BYOD can benefit both employees and employers, it also has risks for employers. Despite these risks, BYOD policies are becoming increasingly popular among organizations.

BYOD Basics

The term bring your own device (BYOD) was coined in 2009, but widespread use of BYOD policies did not begin until about 2011. At first, employees most often used BYOD practices to perform small tasks at work. For example, employees may have used smartphones to access lists of business contacts. However, as technology progressed, more employees and employers began implementing the practice. Among other daily tasks, employees typically use their personal devices to create, store, and send large amounts of company data.

In the mid-2010s, as use of BYOD in the workplace continued to expand, schools also began adopting BYOD policies, especially at the high school level. This option has proved particularly appealing for schools facing budget cuts. However, in some schools, the allowance of students to bring and use their own devices highlighted inequities and also opened the door to students mixing their personal lives and data with their school work. Particularly by 2020 during the COVID-19 pandemic, many schools across the United States began providing students with school-issued devices in order to work from home and to curb any inequities BYOD might have introduced.

BYOD is most popular among the Generation X and Millennials. Generation X includes people typically born between the late 1960s and the 1970s, while Millennials consist of people generally born in the 1980s or 1990s. Members of these generations are more likely to practice BYOD because they grew up with access to the latest technology and often already own their own devices.

When it comes to BYOD access, employers typically offer their employees one of four options: unlimited access, access that restricts sensitive systems and data, access that is monitored by the IT department, and access that prohibits data storage on employees' personal devices.

Benefits

BYOD policies offer several benefits to both employers and employees, including an increase in productivity, a rise in employee satisfaction, and a cut in company costs. Increased productivity among employees often results from BYOD implementation because employees are generally more comfortable and proficient using their own devices than they are using company devices. Furthermore, since personal devices are typically kept in sight both inside and outside of work times, this can lead to increased productivity even when employees are not at work. Employees also tend to stay on top of the latest upgrades and features for their personal devices, whereas companies may not. Additionally, BYOD gives employees the luxury of using just one device instead of multiple devices. Furthermore, as more employees began working remotely during the COVID-19 pandemic and beyond, many found it easier to purchase and maintain their own devices that they could easily also use in their own homes, as opposed to having multiple devices.

BYOD also helps companies cut costs because employees buy their own devices and data services. Companies can also experience savings on office space costs. Because personal devices are portable and wireless, companies may not need to provide employees who practice BYOD with fixed desk space or wired Internet, thus saving the company money.

Risks

Although the practice of BYOD offers benefits, it comes with several risks for employers and concerns for managing business data. These risks can include security concerns, an increase in IT support, and legal issues. Allowing employees to practice BYOD invites multiple personal devices into the company, which may increase viruses and malware entering the company's systems. This can lead to serious security problems for the company, including data loss. Additionally, employees' personal devices may become lost or stolen, which could leave company data vulnerable to outside threats. This also can lead to debate over whether a company needs permission from an employee to remote wipe a device.

The practice of BYOD also could increase the need for IT support. With numerous personal devices to account for, a company's IT department may have to expand its staff and spend more time troubleshooting problems. This could cause additional IT support costs for the company.

Several legal issues also may arise with allowing BYOD. For example, in the event that an employee leaves the company, concerns exist about how the employer should remove company data from the employee's personal device or whether the company can legally remote wipe the device. Lastly, a company that needs to search an employee's personal device would have to determine if any data on the device is private and how to proceed.

In 2023, the National Institute of Standards and Technology published a Cybersecurity Practice Guide that outlined ways companies and organizations could safely and successfully implement BYOD policies for their employees or members. The comprehensive guide provided risk assessments and presented potential security threats and solutions.

Studies on BYOD

More and more businesses are allowing the use of BYOD, which has led to an increase in security concerns. According to a 2014 study by LinkedIn Information Security Community on behalf of Vectra Networks, which was based on a survey of more than 1,100 IT professionals, about one-quarter of the survey's respondents said that within a year, their employers would increase funding for BYOD practices. The study found that mobile computing was ubiquitous, with 87 percent of all people using smartphones, 79 percent using laptops, and 68 percent using tablets. The study also found that 57 percent of businesses required mobile computing among their employees.

The study reported that the practice of BYOD increased the need for additional IT support. Among the respondents, 67 percent stated they worried about losing company files and data, while 57 percent worried about unauthorized access to information on their devices.

IT professionals also said that their management of mobile computing was advancing, as 67 percent used passwords to protect company information on devices. In addition, results showed an increase in the use of security tools with more than half using data wiping and more than 40 percent using encryption. Furthermore, many companies have enacted polices related to BYOD practices. More than 50 percent of the respondents cited that their organization had e-mail policies, while just about half had policies for access authentication and device wiping.

Despite these figures, 72 percent of the IT professionals believed that their organization needed security improves, including logging, monitoring, and reporting practices. The study also showed that 61 percent believed that employee productivity was the most important goal for instituting BYOD measures, while 52 percent felt better security was needed.

According to a 2021 Cybersecurity Insiders BYOD Security Report, 82 percent of businesses allowed personal devices in some capacity in the workplace or workspace. This shift was in part due to the COVID-19 pandemic and the rise in remote work among U.S. workers. It also noted that employees and employers were most concerned about privacy and data breaches, respectively.

A study published in 2023 compared various cybersecurity measures for data storage for businesses and organizations using BYOD policies. It found that having a data secure storage system with encryption and decryption functions would protect employees and businesses best.

Bibliography

AlShalaan, Manal R., and Suliman M. Fati. "Enhancing Organizational Data Security on Employee-Connected Devices Using BYOD Policy." Information, vol. 14, no. 5, 2023, p. 275. doi.org/10.3390/info14050275. Accessed 30 Oct. 2024.

Cybersecurity Insiders. BYOD Security Report. Bitglass, 2021, pages.bitglass.com/rs/418-ZAL-815/images/CDFY21Q2BYOD2021.pdf. Accessed 29 Oct. 2024.

Dacanay, Brianna. “FCPS Ends Bring Your Own Device Program for All Students.” The Lance, 7 June 2024, lhslance.org/2024/news/fcps-ends-bring-your-own-device-program-for-all-students. Accessed 29 Oct. 2024.

Howell, G., et al. "Mobile Device Security: Bring Your Own Device (BYOD), Special Publication." National Institute of Standards and Technology, 2023. doi.org/10.6028/NIST.SP.1800-22. Accessed 29 Oct. 2024

Lannon, Paul G. "BYOD Policies: What Employers Need to Know." HR Magazine, 1 Feb. 2016, www.shrm.org/hr-today/news/hr-magazine/pages/0216-byod-policies.aspx. Accessed 29 Oct. 2024.

Lyons, Jim. "How Schools Are Adjusting to the Bring Your Own Device (BYOD) Trend." Forbes, 19 Aug. 2016, www.forbes.com/sites/netapp/2016/08/19/how-schools-are-adjusting-to-the-bring-your-own-device-byod-trend. Accessed 29 Oct. 2024.

“What Is Bring Your Own Device (BYOD)?” IBM, www.ibm.com/topics/byod. Accessed 29 Oct. 2024.