Page 33 - index
P. 33
The Employee BYOD Bill of Rights
Looking at this from the employee device and personal data owner perspective, some very clear
lines of engagement and acceptability between employee and employer have emerged. As a
result Webroot developed and created an employee BYOD Bill of Rights to act as a guideline to
bridge the gap between employees’ preferences and the needs of the employer. These rights,
which we recommend based on our extensive research, are:
1. Right to privacy over personal information
2. Right to be included in decisions that impact their personal device and data
3. Right to choose whether or not to use a personal device for work
4. Right to stop using their personal device for work at any time
5. Right to ask for back-up of their personal data in the case of a remote wipe
6. Right to operate a device that is unencumbered by security that significantly degrades
device performance and/or battery life
7. Right to be informed about any device infections, remediation, or any other activity that
might affect their device’s performance or privacy
8. Right to download safe apps they want onto their personal device
Conclusion
Our research indicates that most disconnects over the use of personal technology to access
corporate data are solved by having a dialogue between both parties over adequate security,
data and employees’ personal privacy concerns.
There are some clear recommendations when it comes to BYOD.
• Employees must have mobile device security, and employers need to ensure they install
adequate protection and require that features like password access are turned on.
• Invest in educating employees about the risks associated with mobile devices and the
benefits of them securing their devices. Informed users are then far more likely to ‘buy-
in’ to employers’ BYOD security requirements.
• Don’t mandate mobile security usage without engaging users first, otherwise you risk
alienating nearly 50% of your employees and losing the productivity gains from BYOD.
• Acknowledge the employees’ concerns and personal privacy when setting mobile
security policy, ideally by using a framework such as the “BYOD Bill of Rights”.
• Ensure web-browser data security breach concerns are fully answered to your
organization’s satisfaction.
• Have mobile security and access policies, but remember they only work and are
respected if they are enforced.
• Simplify security management – don’t let employees dictate different security platforms
as the management is going to be far too ‘time consuming’.
33 Cyber Warnings E-Magazine – October 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
