Letting staff use their own phones for work - "Bring Your Own Device", or BYOD - is tempting. It saves on hardware and people like using devices they already know. But it also raises real questions about security, privacy and data protection. If you are going to do it, do it properly. Here is how.

The appeal of BYOD

  • No handset costs for the business
  • One device for staff to carry instead of two
  • Familiarity - people are comfortable with their own phones
  • Quick to adopt - no procurement cycle

The risks you can't ignore

The flip side is control. When the device belongs to the employee, you have far less say over how it is secured - yet your company data is sitting on it. The key risks are:

  • Data exposure if the phone is lost or stolen
  • GDPR headaches - you are still responsible for personal data accessed on that device
  • Leavers walking out with company data and contacts on their personal phone
  • Inconsistent security across a mix of old and new devices

How to do BYOD safely

The answer is not to ban it, but to manage it. The essential ingredients are:

  1. A written BYOD policy that staff agree to - covering acceptable use, security requirements and what happens when they leave.
  2. Mobile Device Management (MDM). MDM can create a secure "work container" on a personal phone, separating company data so you can wipe just that data without touching the owner's photos and apps.
  3. Baseline security requirements - a passcode or biometric lock, encryption and an up-to-date OS. See our mobile security best practices.
  4. A clear off-boarding process to remove company access when someone leaves.

What a BYOD policy should cover

  • Which devices and OS versions are allowed
  • Mandatory security settings
  • What company data may be accessed and how
  • The employee's privacy rights (you are not monitoring their personal life)
  • The process if the device is lost or the employee leaves

BYOD vs company phones

BYOD isn't always the cheapest option once you factor in management and risk. It is worth comparing honestly against company-provided phones, which give you cleaner control.

Get BYOD right from the start

A poorly managed BYOD setup is a data breach waiting to happen; a well-managed one is convenient and safe. Our Mobile Products service helps you put the policy and the technology in place. Request a callback to set it up properly.

Frequently asked questions

What is a BYOD policy?

A BYOD (Bring Your Own Device) policy sets the rules for staff using personal phones for work, covering security requirements, acceptable use and what happens when they leave.

Is BYOD safe for businesses?

It can be safe if devices are managed with MDM, work data is kept separate and secured, and there is a clear policy and off-boarding process.

What should a BYOD policy include?

It should cover allowed devices, mandatory security settings, what company data can be accessed, the employee's privacy rights and the process when they leave.