自带设备 (BYOD) 计划(Bring Your Own Device (BYOD) program)有其自身的优点和缺点。这篇文章是三篇系列文章的第一篇——谈论BYOD(BYOD)的好与坏。另外两篇文章致力于创建适当的BYOD策略并找出在实施时要避免的错误。在继续讨论BYOD的好处及其负面影响之前,让我们先看看系统是如何实施的。
什么是自带设备(Device)或BYOD
自带设备(Own Device)系统已经存在了一段时间,并且随着越来越多的企业选择该系统而获得动力。在BYOD结构下,员工使用移动设备可以:
- 将同一设备用于个人和办公室用途
- 随时随地工作
我可以将BYOD分为两个不同的类别:(a)第一个是公司允许使用员工拥有的设备,(b)第二个是公司为员工购买移动设备。在每种情况下,实现都会略有不同。例如,如果公司提供设备,它可能会阻止安装会分散注意力的东西:例如愤怒的小鸟。此外,该公司可能会使用秘密软件来查看您在设备上所做的事情。当然,他们将允许私人使用这些设备,但这会受到一些限制。
简而言之,BYOD 是一种系统,员工可以携带移动设备在任何地方工作(大多数情况下使用办公室 VPN)。(Simply put, BYOD is a system where employees carry a mobile device that they can use to work from anywhere (using the office VPN in most cases).)
BYOD 优势
谈到BYOD时,首先想到的是不同形式的成本节约。在大多数情况下,我们假设您已经拥有移动设备并且您的公司重新配置它以供业务使用。如果是这种情况,企业可以节省购买设备的费用。
截至目前,使用员工现有设备的做法并未得到太多实施。相反(Rather),公司自己购买移动设备,对其进行配置并将其提供给员工——在这种情况下,员工通过以下两种方式受益:
- 他们使用办公室VPN连接到互联网(Internet),从而节省了互联网(Internet)成本;
- 他们可以在任何地方使用相同的设备为商业和个人用途工作。这使他们不必携带多个移动设备供个人使用。这里会出现可能会惹恼员工的问题。我们将在企业中使用BYOD(BYOD)系统的负面影响中讨论这些问题。
由于员工可以在任何地方工作,因此整体生产力会提高。由于恶劣的天气或交通可能无法到办公室的员工可以在家或其他任何地方工作。这样可以避免员工缺勤,否则会导致项目延误。如果员工需要提前离开办公室,他们可以稍后处理未完成的工作。例如,如果员工有约会,她/他可以提前离开,见医生,回家并从那里开始工作以完成当天的目标。
BYOD也是一个卖点。人们更愿意与允许单一移动设备同时用于商业和个人用途的公司合作。如果是传统的工作场所,可能不允许人们将个人设备带入办公室。我见过一些工作场所,他们甚至不允许员工的手机进入。与能够将单个设备用于个人和商业工作相比,这是一个很大的障碍。换句话说,拥有完善的BYOD系统的公司往往会吸引更好的员工。
阅读(Read):在 Windows 10 中使用您自己的设备设置和设置。
BYOD 缺点
同样,第一个是成本因素。除非公司相信允许员工的现有设备用于业务,否则他们将花钱购买设备。此外,出于个人目的使用互联网(Internet)只会增加支出。尽管如此,由于还有其他好处,例如移动性和更高的生产力,大多数公司正在转向BYOD系统。
对于员工来说,关闭可能是对设备的限制。我还没有遇到任何员工说组织禁止在BYOD环境中进行个人安装。尽管如此,该组织的政策可能会达到对游戏和某些网站说“不”的程度。
员工担心的另一个原因是他们的隐私。如果他们使用Facebook、Twitter或类似的东西,公司可能能够知道登录凭据。就个人而言,我不相信公司会在窥探方面走那么远,但可能性是存在的。另一方面是在设备上记录或记录员工的行为,这些行为可能会泄露他们不想与任何人分享的信息。例如,使用该设备下载盗版电影。
BYOD系统最有争议的问题或负面因素是公司数据的安全性。当然,员工只能访问其中的一部分,但那部分可能仍然足以将重要信息提供给他人——无论是有意还是无意。应该有一个适当的政策来规定员工可以与他人分享什么以及一个好的退出政策:在员工离开公司时实施。一个不错的选择是将所有业务数据传输到另一台计算机,并从员工的设备中分解数据文件。
自带设备政策
要使BYOD成功,您应该制定良好的BYOD政策。没有完美的BYOD政策。随着技术的进步,您只需不断更改策略即可确保数据安全。
#1 Educate the Employees
如果您正在考虑实施或已经实施BYOD ,请花时间让员工了解该系统是为了方便员工和雇主。(BYOD)您需要告诉他们如何使用他们在移动设备上使用的操作系统和硬件的最新更新和补丁来保护设备。您需要告诉他们数据泄露的可能性以及它如何破坏组织的努力。您需要明确表示不能损害组织数据的隐私。
#2 What all Platforms To Allow
您不能让用户选择几乎任何平台。如果您的组织无法在任何特定操作系统(例如 iOS)上运行,您必须告诉您的员工,选择 iOS 的人不能参与BYOD计划。
在更好的方法中,您可以给他们列出两个三个平台,这些平台可以接受并且足以为组织和员工提供服务。这将带来一定的一致性,这样您就不必雇用额外的 IT 人员来对设备进行故障排除。
#3 Non-Disclosure Agreement
让员工签署NDA,以确保他们不能与任何第三方共享公司数据。让他们了解社会工程学,并教他们锁定数据的方法。
#4 Logging & Responsibility
即使员工反对,这也很重要。记录事件可以帮助您识别是否有任何员工从事非法活动,例如下载盗版电影。在这种情况下,您还需要告诉员工,如果有人要求赔偿而不是组织,他们将负责。这个条款很重要,因为人们经常会使用更便宜的方法来做某事或其他事情。而且由于是员工使用该设备,并且是员工继续下载盗版电影,因此该组织不会被指控犯有任何罪行。
#5 Tracking and Remote Deletion of Data
创建良好 BYOD 策略的另一个重要方面是,跟踪移动设备更多的是为了组织数据的安全,而不是(NOT)了解员工在做什么。移动设备需要配备某种允许远程删除HDD的应用程序。这在以下情况下很有帮助:
- 一名员工丢失了设备
- 一名员工离职并转到竞争对手的组织
存在被激怒的员工故意泄露信息的可能性,NDA协议应该能够解决这个问题。将损害索赔保持在更高的水平,以防止故意共享数据。
在帮助您制定适当的BYOD政策的其他措施中,包括
- 注册设备的MAC地址——这有助于阻止与公司网络的非法连接
- 审计网络——检查(Network – Check)网络是否存在任何可能的漏洞,并检查连接到网络的设备数量。这样,您将能够知道是否有任何未经授权的设备尝试连接。
- 创建公司云,以便远程工作的用户可以将内容存储到公共共享空间,而不是一次又一次地插入您的网络。这将大大降低安全漏洞的可能性。它可以是任何允许存储、协作和加密的东西。
BYOD 解决方案和错误
#1 Employee Education
找一个了解BYOD(BYOD)来龙去脉的人:安全问题、兼容性问题以及其中最重要的部分——社会工程部分。如果您可以为每位员工提供BYOD政策手册以及遇到问题时要联系的人员的详细信息,那将是一个好主意。您可以使用多媒体内容来说明可能的威胁(演示文稿、视频等),以便每位员工都了解该政策。
你必须提醒他们。一次性培训(One-Time-Training)是不够的。您实际上可以以“ BYOD 员工的反馈和需求(Needs)”的名义创建培训课程。您可以强调重点,并要求员工在系统中面临的反馈/问题。这将有两个目的 - 您可以重新插入政策的基本但重要的点,您可以使用反馈来改进并使其成为最佳 BYOD 解决方案之一。
#2 Restricting BYOD To Certain Device Models
我们都知道移动市场瞬息万变。较新(Newer)型号的出现过于频繁,员工会想要购买更好的设备。但如果组织的应用程序不在新模型上运行,员工可能会感到沮丧。一种选择是创建使用类似云的Azure和Microsoft 365的应用程序,这些应用程序将在几乎所有类型的模型上运行。使用和实施Dropbox、OneDrive等通用应用程序进行远程存储和实时协作将促进您的BYOD策略。
如果您希望员工使用业务 IT 部门设计的应用程序,请确保这些应用程序与所有可用于移动设备的主要设备(操作系统)兼容。因此,您将提供可以在几乎任何设备型号上运行的设施,而不是将它们限制在某些设备型号上,即使他们渴望获得大张旗鼓地发布的新Windows手机。(Windows)
#3 Don’t Forget Migrating Process
当上述使用通用应用程序的方法时,从旧设备迁移到新设备并不难。不过,包括一些有助于将数据传输到较新设备(如果存储在本地)然后清除旧设备的内容。人们经常随意(不受保护)地保留旧设备,有些人可能会试图将它们卖掉。在这两种情况下,您都必须先删除业务数据,然后才能被组织外部的人获取。
#4 Not Including Erase Clause Is a Huge Mistake
虽然第 3 点谈到了旧设备,但这一点与新设备有关。很难让员工就这一点达成一致。告诉他们这是为了他们自己的利益。如果他们放错了设备或搬到了另一家公司,您的 IT 部门应该能够远程清除员工设备上的数据。
您不能简单地继续清除数据,因为员工可能会敲门。这种可能性使得有必要在BYOD协议中包含该条款,以便即使您远程删除数据,您也不需承担任何责任。
#5 Responsibility For Illegal Usage
如果员工使用他/她的设备进行非法下载等,应该有一个明确的政策来免除组织的责任。
#6 Forgetting About Upgrades
众所周知,技术不断发展。因此,您的 IT 部门需要使他们的应用程序和其他东西与新技术兼容,以实现顺畅和受保护的流程。移动设备的硬件和操作系统也可能过时,组织应用程序可能无法在现有设备上正常运行。
最好的 BYOD 解决方案包括一个条款,当技术需要更好的硬件或操作系统时,强制员工升级他们的移动设备。如果员工因财务问题无法升级,组织可以为他们提供兼容的设备,或者更好的是,为他们提供贷款以购买最新技术。这将使员工快乐和忠诚。这转化为更好的生产。
以上是我在实施良好的 BYOD 政策时可以识别的一些严重错误。如果您认为我遗漏了什么,请发表评论并与我们分享。(The above are some critical mistakes I could identify in implementing a good BYOD policy. If you think I missed anything, please comment and share with us.)
现在阅读:(Now read:) 什么是自带网络或 BYON?(What is Bring Your Own Network or BYON?)
Bring Your Own Device (BYOD) Advantages, Best Practices, etc.
Bring Your Own Device (BYOD) program has its own advantages and disadvantages. This article, the first in the three article series – talks about the good and bad of BYOD. The other two articles work to create a proper BYOD policy and find out mistakes to avoid while implementing it. Before proceeding to talk about the benefits of BYOD and its negatives, let us check out how the system is implemented.
What is Bring Your Own Device or BYOD
Bring Your Own Device system has been around for a while and is gaining momentum as more and more businesses opt for the system. Under the BYOD structure, employees use mobile devices that allow them to:
- Use the same device for personal and office use
- Work from anywhere
I can classify BYOD into two distinct categories: (a) the first one is where companies allow usage of employee-owned devices and (b) the second one where companies buy mobile devices for the employees. In each case, the implementation will differ slightly. For example, if the company is providing the device, it probably will block installations of things that are distracting: Angry Birds, for example. Also, the company may use secret software to see what you have been doing on the device. Of course, they will allow private use of the devices but that will be a little restricted.
Simply put, BYOD is a system where employees carry a mobile device that they can use to work from anywhere (using the office VPN in most cases).
BYOD Advantages
The first thing that comes to mind when talking about BYOD, is cost savings in different forms. In most cases, we assume you already own a mobile device and your company reconfigures it for business use. If that is the case, the business saves on buying the devices.
As of now, the practice of using employees’ existing devices is not much implemented. Rather, companies themselves buy the mobile devices, configure it and give them to the employees – in which case, the employees benefit in the following two ways:
- They connect to the Internet using the office VPN thereby saving on the Internet costs;
- They can work from anywhere using the same device for both business and personal uses. This relieves them from carrying more than one mobile device for personal use. Issues will arise here that might irk employees. We will talk about these issues in the negatives of using the BYOD system in businesses.
Since the employees can work from anywhere, the overall productivity increases. Employees who might not make it to the office due to bad weather or traffic, can work from home or anywhere else. This saves on employees’ absence that would otherwise lead to delay in projects. In case an employee needs to leave the office early, they can later cover the pending work. For example, if an employee has an appointment, s/he can leave early, meet the doctor, go home and work from there to complete the day’s targets.
BYOD also serves as a selling point. People prefer to work with companies that allow a single mobile device for both business and personal uses. If it is the traditional workplace, people may not be allowed to take their personal devices inside the office. I have seen workplaces where they do not allow even employees’ cellphones inside. That, compared to being able to use a single device for both personal and business work, is a big turn-off. In other words, companies with a solid BYOD system in place tend to attract better employees.
Read: Bring Your Own Device Setup and Settings in Windows 10.
BYOD Disadvantages
Again, the first one is the cost factor. Unless the company believes in allowing employees’ existing devices for business, they will be spending money on buying the equipment. Add to it, the usage of the Internet for personal purposes will only increase the spending. Still, because there are other benefits attached such as mobility and better productivity, most companies are shifting to BYOD systems.
For the employee, the turn-offs could be restrictions placed on the device. I am yet to come across any employee who says organizations prohibit personal installations in the BYOD atmosphere. Still, the organization’s policy might go to the extent of saying NO to games and certain websites.
Another cause of concern for employees is their privacy. If they use Facebook, Twitter, or something similar, the company may be able to know the login credentials. Personally, I do not believe corporate houses will go that far on snooping but the possibilities exist. Another aspect is recording or logging employee actions on the device that may give out information they won’t want to share with anyone. An example could be using the device to download a pirated movie.
The most argued concern or the negatives of BYOD systems is the security of the company’s data. Of course, the employees can access only a part of it but that part might still be enough to give out important information to others – knowingly or unconsciously. There should be a proper policy as to what the employees can share with others as well as a good exit policy: to be implemented when the employee leaves the company. A good option would be to transfer all the business data to another computer and shred the data files from the employees’ devices.
Bring Your Own Device Policy
To make BYOD successful, you should have a good BYOD policy in place. There is no such thing as the perfect BYOD policy. You just keep on making changes to the policy – as technology progresses – to keep the data secure.
#1 Educate the Employees
If you are considering BYOD implementation or have already implemented it, take time to make the employees understand the system is for convenience to both the employee and employer. You need to tell them how to keep the device protected with the latest updates and patches for the operating system and hardware they are using on their mobile devices. You need to tell them about the possibility of data leaks and how it can ruin the organization’s efforts. You need to make it clear that privacy of an organization’s data cannot be compromised.
#2 What all Platforms To Allow
You cannot let users select just about any platform. If your organizations cannot run on any specific operating system such as iOS, you have to tell your employees that people opting for iOS cannot participate in the BYOD program.
In a better method, you can give them a list of two three platforms that are acceptable and are good enough to provide for both the organization and employees. That would bring in some consistency so that you do not have to hire additional IT people to troubleshoot the devices.
#3 Non-Disclosure Agreement
Make the employees sign an NDA to an effect where they cannot share company data with any third party. Make them aware of social engineering and teach them methods to keep the data under lock.
#4 Logging & Responsibility
This is important even if the employees object. Logging the events can help you identify if any employee has been engaging in illegal activities such as downloading pirated movies. In this case, you also need to tell the employees that they will be responsible if anyone claims damages and not the organization. This clause is important as people often revert to cheaper methods for something or the other. And since it is the employee using the device and because it was the employee who went ahead to, say, download a pirated movie, the organization will not be charged with any offense.
#5 Tracking and Remote Deletion of Data
Another important aspect when creating a good BYOD policy, tracking the mobile device is more for the safety of the organization’s data and NOT to know what the employee is up to. The mobile device needs to be equipped with some sort of application that allows remote deletion of HDD. This is helpful when:
- An employee loses the device
- An employee leaves the job and moves on to a rival organization
The possibility of an irked employee giving away information deliberately exists, and the NDA agreement should be able to take care of that. Keep the damage claims a little higher to prevent the deliberate sharing of data.
Among other measures that help you to formulate a proper BYOD policy, are
- Registering the MAC addresses of devices – This helps in blocking illegal connections to the corporate network
- Auditing the Network – Check the network for any possible vulnerabilities and keep a check on the number of devices connecting to it. This way, you will be able to know if any unauthorized devices attempt a connection.
- Create a company cloud so that users who are working remotely can store things to the common shared space instead of plugging into your network again and again. That will reduce the chances of a security breach by a significant percentage. It can be anything that allows storage, collaboration, and encryption.
BYOD Solutions & Mistakes
#1 Employee Education
Get a person who knows the ins and outs of BYOD: the security issues, compatibility issues and most important of them all – the social engineering part. It would be a good idea if you can provide each employee with a handbook of your BYOD policy along with details of the person to contact in case of problems. You can use multimedia content to illustrate possible threats (presentations, videos, etc.) so that every employee understands the policy.
You have to keep them reminding. One-Time-Training would not suffice. You can actually create training sessions under the name of “Feedback & Needs of BYOD Employees”. You can stress the important points and ask for feedback/problems the employees are facing in the system. That will serve two purposes – you get to replug the basic but important points of the policy and you can use the feedback to improve and make it one of the best BYOD solutions.
#2 Restricting BYOD To Certain Device Models
We all know the mobile market that keeps on changing fast. Newer models come out too frequently and employees would want to buy a better device. But if the organizations’ applications do not run on the new model, the employees may be frustrated. One option is to create apps that make use of cloud-like Azure and Microsoft 365 that will run on almost all types of models. Using and implementing generic apps like Dropbox, OneDrive, etc. for remote storage and real-time collaboration will give a boost to your BYOD policy.
If you want the employees to use apps designed by the business IT department, make sure the apps are compatible with all major devices (operating systems) available for mobile devices. Thus, you will be offering facilities that can run on almost any device model rather than restrict them to certain device models even though they are craving for that new Windows phone released with much fanfare.
#3 Don’t Forget Migrating Process
When the above method of using generic apps, it is not much difficult to migrate from the older device to the new one. Still, include something that helps in transferring data to newer devices (if stored locally) and then wiping out the previous device. More than often, people keep their old devices casually (unprotected) and some might try to sell them away. In both cases, you have to get the business data erased before they are picked up by someone outside the organization.
#4 Not Including Erase Clause Is a Huge Mistake
While point 3 talked about old devices, this point is related to new devices. It will be hard to get employees to agree on the point. Tell them it is for their own benefit. If they misplace the device or move to another company, your IT department should be able to remotely wipe out the data on employees’ devices.
You can’t simply go ahead and wipe out data as the employee may knock courts. This possibility makes it necessary to include the clause in the BYOD agreement so that even if you erase the data remotely, you are not to be held responsible.
#5 Responsibility For Illegal Usage
There should be a clear policy that absolves the organization if the employee uses his/her device for illegal downloads etc.
#6 Forgetting About Upgrades
It is a known fact that technology keeps on evolving. Accordingly, your IT department needs to make their apps and other things compatible with the newer technology for smooth and protected processes. The mobile devices’ hardware and operating system may too get obsolete in a way that the organizational apps might not run properly on the existing devices.
The best BYOD solutions include a clause that forces employees to upgrade their mobile devices when technology demands better hardware or operating system. If the employees can’t upgrade due to financial problems, the organization can offer them a compatible device or better still, offer them a loan to buy the latest technology. This will make employees happy and loyal. This translates to better production.
The above are some critical mistakes I could identify in implementing a good BYOD policy. If you think I missed anything, please comment and share with us.
Now read: What is Bring Your Own Network or BYON?