At the 2014 SAF Annual Convention Joe Aldeguer and I presented a session that touched on safer computing. One of the things covered was the idea of a BYOD (bring your own device) policy for small businesses.
The general idea is that most employers are going to encounter employees that want to bring personal electronic devices (smartphones, tablets, etc.) with them to work. How and when these devices are then used in the workplace becomes something that the employer needs to address. That is done through a BYOD policy that all employees have to read, sign, and adhere to.
Why is it so important? Those tiny devices aren’t just phones and e-readers… they are powerful computers, cameras, video/audio recorders, etc. With them comes a number of threats including lost productivity, unprofessional conduct, compromised security and more.
Some of the areas your BYOD policy needs to address are:
Retail customers expect courtesy and deserve attention. Customers used to get frustrated when they saw employees paying more attention to a phone call or chatting with their coworkers but today they are more likely to be put out by an employee too engrossed in their phone to look up and greet them politely.
This is largely a generational issue (there is a generation that will converse while spending most of the time looking at their devices and carrying on simultaneous exchanges via text message, etc.) but any customer, regardless of generation, is unlikely to enjoy competing with a device for the attention of an employee who is supposed to be helping them.
A good BYOD policy would explain what happens should happen with devices when dealing with customers. If your policy allows employees to carry their devices (some don’t) you might specify that the devices never come out in the retail areas where your employees interact with your customers.
The time an employee spends on a personal device is largely time lost from the employers point of view. It might only take a few seconds to send a text, check Twitter, or post to Facebook but when the device is always within easy reach that time can add up. And, since people really aren’t that good at multi-tasking, shifting gears between work and devices really hurts efficiency.
One option is to have employees place their devices in a locker when they get to work. The locker part isn’t essential, the real goal is to just get the mobile device off their person so they can’t be checking it constantly. This means that they can only retrieve and use it on breaks.
Another less strict approach allows the employees to keep the devices with them with the understanding that they don’t let themselves get distracted from work. This seems more lenient but can actually create more friction. If the employer sees the device frequently they have to start questioning the judgement of the employee and that can lead to resentment.
Your BYOD policy should address where devices can be kept and when they can be used. Are they to be put away and only used breaks? Or can they be carried, only to be used with discretion? If so what is considered appropriate use?
The internet can deliver an almost infinite variety of content anywhere, but much of it is completely inappropriate to the workplace. One worker might use a personal device to access content that another finds offensive, and that employee could accuse you of providing a hostile workplace. This means that in addition to specifying when your workers can use personal devices you also have to specify what is acceptable in the workplace. You wouldn’t allow your employees to flip through pornographic magazines in the lunch room so you can’t let them access similar material, even on their personal devices, in the workplace.
This means that your policy needs to specify what types of content are acceptable/unacceptable for the workplace. You can further protect yourself with a content-filtering system (such systems block access to certain types of content at your direction) but employees still have access to anything over their cellular data connections. They have to know what is/isn’t allowed and which is why you need a policy.
Another consideration involves network resources. If you give employees access to your store wi-fi network you need to set up a separate guest account and restrict their personal devices to that. If you don’t you are likely giving them access to shared files and other valuable resources on your network.
Some of those concerns can be addressed by securely configuring your network but your employees need to be aware of the rules. In this case explain that while you are kind enough to let them use your internet connection they cannot, under any circumstances, copy, open, transfer, alter or delete any files that might be available over the network.
Your policy also need to clarify that personal devices never, ever, get plugged into any of the computers on the network. It’s fine to plug a personal device into a power outlet to charge it but connecting directly to a computer via a USB port is incredibly dangerous and can never be allowed.
Your personal device policy will almost certainly change over time. Be sure to keep your employees advised of those changes so that they can comply.
You should also discuss your policy with potential employees during the interview process. Given how people are so attached to there devices it is an important part of the workplace environment and should come up when you talk about the position, hours, etc. You can say something like “we have a formal policy here governing the use of personal devices in the workplace. You’ll have to leave any devices in your locker while you’re working. You can look at it during breaks, but you can’t ever use it to access or view inappropriate or offensive material on the premises. We’d require you to read and sign off on that policy before hiring you, and breaking it would be cause for termination. If you have any questions please ask them now”.
