BYOD = Bring Your Own Device.
Don’t do it.
Well – certainly look very carefully at the small print before saying, ‘yes’.
Don’t assume that you should automatically say ‘yes’ when offered a shiny new Macbook Pro or other shiny i-object through a BYOD scheme.
What? After posts praising this welcome shift back to empowered users, I am proposing that you consider saying ‘no’?
Because many of the BYOD schemes I have seen proposed, are nothing short of cost control measures designed to placate frustrated users without addressing the fundamental problems or corporate IT. They don’t change any of the fundamental problems. Your company provides a provide a better PC, or a more up to date phone, but many of the original issues remain. Agreeing to a BYOD scheme and mixing your work and personal life could be very risky for you.
Yes, the kit is better, but it is still owned and managed by someone else, and you are still bound by the same restrictions you were before, and the reliance on corporate kit could leave you very exposed.
Some points to consider:
Compliance (in all forms):
Even if you are given the cash to choose or buy the kit, the fact that you connect this to a corporate network can mean that you are subject to the same limitations, restrictions and controls as any traditionally provided piece of kit. The security people (rightly so) will still want to ensure that their network stays secure, so are still likely to demand that your kit has ‘compliance software’. This can mean anything from ensuring the kit is patched and protected against viruses to intrusive monitoring software that tracks what you are doing with detailing reporting back to your company.
If you have compliance software on the machine, you have NO PRIVACY. This doesn’t just mean that what you do can be tracked and monitored, but what you (or any family member) does out of work hours on the machine can potentially leave you liable for disciplinary action. This includes: sites accessed, content downloaded (or even watched), comments made on websites, tweets; anything you OR anyone who uses the machine does. There is no personal boundary, no privacy, no grey line. You are liable.
Advice: Unless you live on your own and live the life of a nun, get another PC.
This varies from company to company, but many companies consider everything that you do whilst using their devices, whether in work time or not to be their property. Have an idea for a new business? Be careful where you write about this. If you do anything related to this on your work PC, your company may be able to claim ownership of this. Whilst you may think this is unlikely to be a problem, start working for a competitor and you could find yourself mired in a world of litigation. This is not just for software developers either. Finance, sales and HR can also be IP and privacy mindfields.
Advice: Never mix the day job and else, use a personal PC. If you are looking for another job NEVER EVER do this from a work PC. Access to websites is tracked most companies. Even if you don’t leave your job, just looking could harm your chances of promotion if your company is monitoring web access closely.
More and more companies are installing the IT nuclear weapon called ‘remote wipe’ – the ability of an IT administrator to remote erase all of your data without your permission. This has long been a feature on many work machines although you may not have realised it was there. On mobile phones and tablets, many IT departments consider this an essential function in order to grant access to a company network. They have a point as no one wants a lost or stolen machine to compromise a network, but this is worth examining closer, as it clarifies things a great deal for you.
Remote wipe means that this is NOT your machine. You may have bought it, own it, create on it, but you are not in control of it. If a remote IT administrator can erase your work – he can also erase your photos, music, bank details … and whatever is on the hard drive without your approval. Remote wipe is not just for corporate managed devices of course, but the key question is who can decide whether a device is wiped? If this is a work PC, then fine, you accept this, but think carefully before putting personal files on the machine.
It isn’t just about the wipe. Corporate machines can almost ALWAYS be remotely secured or locked. You may feel secure in employment, but a completely spurious HR query could see your machine locked pending further investigation. Are you using the machine for non-work activities that you rely on?
Advice: Never keep personal data on a work machine. If you must, ensure that this is backed up securely to a location or site that you control and manage. With some companies defining access of USB storage devices as a disciplinary offence, this could be harder than you think. Keep it simple – keep your stuff on your kit.
Who controls and manages your life – you or your company?
The answer should always be you. Always.
Whether you are employed or self-employed,or own the company you should be in control of your career, your future, your ability to work, your portfolio, your ideas, your ability to be creative, your ability to communicate. If you run your life on corporate kit, you have ZERO control of this, because it can be taken away without any input from you. Even as a company owner, you are liable to legal challenges externally. The fact is that if you rely on corporate technology for your personal life you are taking some very big risks.
There are some scenarios where a separate machine is not always practical, with travel being one of the most cited examples, but with the size of technology falling and the usability of devices improving; will a personal iPad do what you need whilst you are travelling? Carry your work laptop if you need to, but carry the iPad for everything personal. At home, the option is very simple. Use a work machine for work, and just work. Use a personal machine for everything else. Yes, having two machines requires more space, but you also buying security, privacy and the agility to own your digital life. That is certainly worth the cost of a machine.
Advice: I’m sure you have figured this out by now.
BYOD, no thanks.
So if you are asked about whether you want to participate in a BYOD program, look very carefully at the terms and conditions before saying ‘yes’. Don’t be swayed by the thought of a new machine. Ask very simple questions about the scenarios covered above. Ask them in simple language too. Don’t be swayed by technology BS. Pose simple questions and ask for simple clear answers.
If you need a better machine at work, make the business case for one. Show the return on this. Don’t assume that BYOD is the only option. A more simple option may be, just buy better kit using the same old work scheme. After all, the demands for BYOD are a reflection on this failing – so try and fix it. Don’t assume the only answer is BYOD – the answer may be to recognise the value of personal productivity and provide better tools. If the answer is still no (as it is likely to be in this economic climate), then work as best you can with what you have. Of course, you need to consider your personal productivity and it may be worth investigating a personal purchase for things like writing or graphics creation, but be careful about ownership and liability. Yes, you may not work as fast on the old work machine, but you know that when this is off, it is off – and what you do in your own time, in your own space, in your own life stays just that – yours.
If you do need to work on a personal machine for your work, here are three simple tips:
1) Patch and protect. Don’t be lazy. Patch the software, run the security patches, and update the virus checker.
2) Have clear responsibilities defined. What do you pay for? What does the company pay for? Who pays if the machine dies? Who controls the data and security? Ask simple questions, demand simple replies. If you are working remotely, make sure you discuss the travel details? How do you get a fix/replacement machine? How quick?
3) Define clear boundaries for interchange of data. Can you use a shared secure location/site/service to interchange files rather than connect to a network. That way the site can be secured, and there may not be a need to directly manage your PC. If you connect directly to a corporate network, chances are you have zero privacy, whatever you think.
4) BACKUP to a device/service that you use. If you encrypt this, make sure you can decrypt this from another machine. There is no point backing up encrypted files that you cannot access.
5) BACKUP … worth stating again! Kit dies. Fact. Be prepared. Time Machine is superb if you own a Mac.
Making the kit work for you …
But we are in a recession and new kit is expensive!
Absolutely, so make the technology pay its way. If you buy a new Macbook Pro, this will cost you about $1500 that is $500 per year over three years (in terms of splitting the cost). That equates to $42 per month. About 2-3 large lattes a week. So use the machine for something that is worth $42 to you. This doesn’t just mean generating extra income, but it could do. Use it to improve your writing, your design skills, take online courses, sell stuff, contribute to building your brand externally … get the idea. See the $42 as a combination of insurance and investment in you.
And if you needed any more evidence of whether you could be fired for a misusing a work PC, then read this.