Not Having a BYOD Policy Can Get Expensive
Cybersecurity is, it’s fair to say, a major obsession in corporate and government circles. The evidence isn’t merely anecdotal: A whitepaper released earlier this month and analyzed by CorpCounsel.com says that cybersecurity is one of the top risk factors cited in filings to the Securities and Exchange Commission.
You’re concerned, too, if the results of our 2013 In-House Tech Survey are anything to go by. Specifically, a good chunk of respondents are worried about leaks from employees bringing their own devices (BYOD) to work—and carrying company secrets out with them.
Here’s some more reinforcement: A survey by e-discovery vendor FTI Technology shows that 64 percent of the in-house lawyers responding called Big Data their biggest e-discovery challenge, and are preoccupied with the implications of BYOD.
“Many of us are dealing with the BYOD issue right now,” notes one respondent. “There’s a lot of competition between IT, which wants to serve the employees, and the legal/compliance teams, who want [security on devices] done properly.”
What’s a tech-savvy corporate counsel to do? You can’t go back, says Erik Hammerquist, director of FTI. “So you have to have an acceptable use policy.” He says legal departments, working with IT and human resources, need to issue written rules for employees accessing company data on personal devices. These policies should be read and signed by the employees.
Some companies are going further, making sure that IT professionals segregate company material on a separate part of the employee’s phone, tablet, or laptop.
What happens if you don’t have formal BYOD policies? “It can get expensive,” says Hammerquist. Often, e-discovery means getting access to the employee’s device. If the employee refuses, “it can get complicated—and expensive.” He talks about one situation he experienced in which an entertainment industry employee balked at letting his company lawyers see texts on his phone. “Another law firm was brought into the matter—another expense.”
Having a BYOD policy—and employees who adhere to guidelines—can mitigate such risk and expenses. In the end, Hammerquist says, “if you can control what happens when people misbehave, you’re doing okay.”