Protecting Your Business With a BYOD Policy

Aug 19, 2014


Employees will expect to use personal electronic devices in the workplace and employers need to be prepared with a BYOD (bring your own device) policy.


At the 2014 SAF Annual Convention Joe Aldeguer and I presented a session that touched on safer computing. One of the things covered was the idea of a BYOD (bring your own device) policy for small businesses.

The general idea is that most employers are going to encounter employees that want to bring personal electronic devices (smartphones, tablets, etc.) with them to work. How and when these devices are then used in the workplace becomes something that the employer needs to address. That is done through a BYOD policy that all employees have to read, sign, and adhere to.

Why is it so important? Those tiny devices aren’t just phones and e-readers… they are powerful computers, cameras, video/audio recorders, etc. With them comes a number of threats including lost productivity, unprofessional conduct, compromised security and more.

Some of the areas your BYOD policy needs to address are:



Retail customers expect courtesy and deserve attention. Customers used to get frustrated when they saw employees paying more attention to a phone call or chatting with their coworkers but today they are more likely to be put out by an employee too engrossed in their phone to look up and greet them politely.

This is largely a generational issue (there is a generation that will converse while spending most of the time looking at their devices and carrying on simultaneous exchanges via text message, etc.) but any customer, regardless of generation, is unlikely to enjoy competing with a device for the attention of an employee who is supposed to be helping them.

A good BYOD policy would explain what happens should happen with devices when dealing with customers. If your policy allows employees to carry their devices (some don’t) you might specify that the devices never come out in the retail areas where your employees interact with your customers.



The time an employee spends on a personal device is largely time lost from the employers point of view. It might only take a few seconds to send a text, check Twitter, or post to Facebook but when the device is always within easy reach that time can add up. And, since people really aren’t that good at multi-tasking, shifting gears between work and devices really hurts efficiency.

One option is to have employees place their devices in a locker when they get to work. The locker part isn’t essential, the real goal is to just get the mobile device off their person so they can’t be checking it constantly. This means that they can only retrieve and use it on breaks.

Another less strict approach allows the employees to keep the devices with them with the understanding that they don’t let themselves get distracted from work. This seems more lenient but can actually create more friction. If the employer sees the device frequently they have to start questioning the judgement of the employee and that can lead to resentment.

Your BYOD policy should address where devices can be kept and when they can be used. Are they to be put away and only used breaks? Or can they be carried, only to be used with discretion? If so what is considered appropriate use?




The internet can deliver an almost infinite variety of content anywhere, but much of it is completely inappropriate to the workplace. One worker might use a personal device to access content that another finds offensive, and that employee could accuse you of providing a hostile workplace. This means that in addition to specifying when your workers can use personal devices you also have to specify what is acceptable in the workplace. You wouldn’t allow your employees to flip through pornographic magazines in the lunch room so you can’t let them access similar material, even on their personal devices, in the workplace.

This means that your policy needs to specify what types of content are acceptable/unacceptable for the workplace. You can further protect yourself with a content-filtering system (such systems block access to certain types of content at your direction) but employees still have access to anything over their cellular data connections. They have to know what is/isn’t allowed and which is why you need a policy.

Another consideration involves network resources. If you give employees access to your store wi-fi network you need to set up a separate guest account and restrict their personal devices to that. If you don’t you are likely giving them access to shared files and other valuable resources on your network.

Some of those concerns can be addressed by securely configuring your network but your employees need to be aware of the rules. In this case explain that while you are kind enough to let them use your internet connection they cannot, under any circumstances, copy, open, transfer, alter or delete any files that might be available over the network.

Your policy also need to clarify that personal devices never, ever, get plugged into any of the computers on the network. It’s fine to plug a personal device into a power outlet to charge it but connecting directly to a computer via a USB port is incredibly dangerous and can never be allowed.


Your personal device policy will almost certainly change over time. Be sure to keep your employees advised of those changes so that they can comply.

You should also discuss your policy with potential employees during the interview process. Given how people are so attached to there devices it is an important part of the workplace environment and should come up when you talk about the position, hours, etc. You can say something like “we have a formal policy here governing the use of personal devices in the workplace. You’ll have to leave any devices in your locker while you’re working. You can look at it during breaks, but you can’t ever use it to access or view inappropriate or offensive material on the premises. We’d require you to read and sign off on that policy before hiring you, and breaking it would be cause for termination. If you have any questions please ask them now”.

Category: Floral Industry

Related Content

How To Migrate Google Authenticator To A New iPhone

Instructions on how to move Google Authenticator to a new iPhone so you don't lose access to accounts with two-factor authentication enabled.

Why Have Security Questions After Password Authentication?

Asking security questions after password authentication is not just pointless, it actually makes things less secure.

How To Securely Hide (and Encrypt) Files On Mac OS X

How to hide/secure files on your Mac: An easy approach to protecting your data by securing, hiding, and encrypting selected files and folders in Mac OS X.

Security Through Obscurity On Mac OS X – Better Solutions

A look at how security through obscurity (hiding files) is doomed to fail in Mac OS X, plus a look at some easy ways to truly secure files on your Mac.

Showing Hidden Files vs Hiding Regular Files in Mac OS X

They might seem like flip sides of the same coin but the techniques used to show hidden files on a Mac are not the best solution for securely hiding files.

What Does Incognito/Private Mode Really Mean?

The incognito or private mode in your web browser can offer you some additional privacy but not as much as you may think, and you still need to be careful.

"Your Apple Device has been locked..." Another Scam

Does "" say "Your Apple Device has been locked, due to security reasons"? Don't panic, it's not – just don't call the number!

Short Guide to (Finding, Sharing, etc.) SSH Keys on Mac OS X

A short guide to SSH keys and Mac OS X: How to create, find, share and add SSH Keys (and deal with related SSH errors and warnings) on Mac OS X.

Open Safari Without Opening Windows From The Last Session

How to open Safari without automatically re-opening windows/tabs from the last session. This can save you if you ever run into ransomware.

Sure Your Flower Shop Website Works The Way You Think?

Too many florists believe they have responsive websites that work well from mobile devices but don't. Mobile is vital & you need to know what to look for.

Category List

Tag List

Tag Cloud