You want the convenience of using your personal tech device for work purposes, and your employer likes the idea of not having to buy you another one just for work.
It sounds like a win-win situation, and that’s why so many companies are implementing bring-your-own-device, or BYOD, policies.
“Employees only have to carry one device, and they get to use their cool device instead of what may be a stodgy device the company provides,” says Dave Rosenbaum, president and CEO of Real-Time Computer Services, a New York City-based IT consulting firm that has clients nationwide.
But Rosenbaum and other experts caution that it’s not just your employer who is assuming risk when you use a personal device for work purposes. BYOD poses some risks and considerations for you as well.
“Think about this and plan first, then you don’t have surprises,” says Rosenbaum, who has advised both companies and employees about implementing BYOD.
Your Bring-Your-Own-Device Checklist
Sometimes, the use of personal devices at work evolves before a company can establish best practices, says security expert Robert Siciliano.
“Employees do what they want, and permission happens later, if at all,” says Siciliano.
It’s best for both you and your employer if expectations are spelled out before you begin using a personal device for work.
“From the employee’s perspective, there should be something in writing, even if it’s just an email,” says Rosenbaum.
A bring-your-own-device policy should cover these areas for your protection:
Data security: Your company might require you to install a security application that protects data, locates your smartphone via GPS if it is lost or stolen, or locks the phone after a certain amount of downtime. You’ll likely be required to password-protect your device.
Wiping the device: If your device is lost or stolen, your employer might use an application that allows the company to wipe data. But if you’re using your personal device, that means your photos, contacts and other personal data could be at risk. Rosenbaum has seen personal information lost in several instances.
“Try to get an understanding from the employer what happens if the device is lost or stolen or if the employee leaves the company,” says Rosenbaum.
If you lost your personal phone, you might take a day or two to find it before you tried to lock it down remotely or asked a carrier to shut it down. However, if you’re using your phone for work matters, a company might expect you to report the loss immediately so data can be wiped. Ask if there’s a grace period before data is wiped, particularly if you leave the company.
“You’ve got a lot going on with an employment change,” says Rosenbaum. “The last thing you want happening is having your contacts and personal stuff on your phone disappearing.”
Support: If you have technical issues, understand how much support you’ll receive from your company’s IT department. Will you be expected to resolve problems on your own?
Monitoring: Most companies are equipped to monitor company emails, whether they do it or not. When you’re using one device for both work and personal communications, it can be easy to accidentally send work communications on your personal email account and vice versa.
When there’s legal action: What happens if your employer is sued and your personal phone is subpoenaed as part of discovery? How do you maintain privacy if your employer needs to review the contents of your device?
Financial costs: Know upfront who is paying for both your device and the data plan. Ask what will happen if your device is lost or stolen. Will you be expected to immediately replace it?
Work-life balance: The distinction between work life and home life grows ever fuzzier, and combining work and personal use of your phone could compound that problem.
“The company handbook may say you work from 9 a.m. to 5 p.m., but the culture of the organization may be that you’re on call all the time,” says Rosenbaum.
Ultimately, you need to understand that you might be ceding some privacy and control if you decide to BYOD.
“You need to be thoughtful about what you are doing and what those implications are,” says Rosenbaum.
* * *
Kim Boatman is a Silicon Valley, Calif., journalist who writes about security and technology. She spent more than 15 years writing about a variety of topics for the San Jose Mercury News.