One risky four-letter acronym every employer should understand

facebook Twitter LinkedIn RSS

There is one relatively new workplace-related term that carries with it a wide-ranging swag of risks that most companies need to understand.

BYOD or Bring Your Own Device refers to the practice where staff use their own personal devices (such as smartphones and tablets) for work-related purposes.

It is hard not to see this practice in action, whether it be someone checking their work emails on the commute to work or someone accessing their work intranet via their tablet computer.

Even think about the last time a salesperson in a car yard or electronics store handed you a business card with their mobile phone number on it.

The most significant impact from the increased use of personal devices, has been the increasingly blurry line between people’s private and working lives.

The use of personal devices for work purposes has numerous benefits for employers and employees alike, such as the lift in productivity for companies and increased flexibility and convenience for staff.

Aside from allowing staff to check their emails and calendars while they are out of the office, staff are able to work faster when working on devices they are more familiar with, such as their own.

But the benefits BYODs bring to employers also come along with a raft of risks that range from issues of data security, human resources to intellectual property.

The use of portable devices means that risks that once remained only an issue in the physical workplace are now a risk wherever BYODs can be used – and that is just about anywhere. That means companies could be exposed to a range of risks that occur outside the workplace, such as being potentially liable for the conduct of an employee whenever they use their BYOD or an employee’s smartphone being hacked into by malicious software.

We have identified at least eight categories of potential risk, which include:

  • Data security, where company IT security could be breached via a BYOD.
  • Privacy, where the privacy of work colleagues and clients need to be respected at all times.
  • Confidentiality, where company information can be exposed by devices being used in public.
  • Resignation of a staff member, where company information is still stored on a BYOD.
  • Legal liability, which can relate to intellectual property issues or whether a device can be used in illegal activity.
  • Lost/stolen devices, which could expose company data.
  • Compatibility of devices, where not all BYODs may be compatible with a workplace’s IT system.
  • Costs, which relates to the cost of supporting, maintaining and data costs of a BYOD.

Companies can protect themselves by completely banning BYODs (and the benefits they bring). Otherwise, a business can adopt a risk management plan that includes a policy that articulates how personal devices should be used by their staff.

It is becoming increasingly common for staff to sign an acknowledgement form prior to using their device, so they understand the implications and their responsibilities in accessing company information.

But the risks posed by BYODs do not just relate to a having a well-drafted policy. Considering and mitigating the risks posed by BYODs also makes good business sense.

Consider the salesperson we discussed at the start of this blog with their personal mobile phone number on their company business card. Did their employer consider the risks that could entail?

Months later, a consumer may finally get around to deciding to buy a washing machine or car and look for the business card that was handed to them. The salesperson may now be working for a rival car yard or electronics store. But it is a fair guess they will still be eager to accommodate a sale.

There are many possible ways to work around this to avoid the problems in this area and these should be embraced with the many benefits that may ensue.

Click here to email a copy to a friend!

How can CompliSpace help?

CompliSpace’s comprehensive range of cost effective human resources policies, procedures, training and testing modules, ensure that managers and staff know what is expected of them and have key tools and information at their fingertips at all times. This enables a business to meet its workplace relations obligations while building a positive corporate culture, capturing knowledge and saving time. For more information, contact us on the details below:

P: +61 (2) 9299 6105 (Sydney) / +61 (8) 9288 1826 (Perth)



This blog is a guide to keep readers updated with the latest information. It is not intended as legal advice or as advice that should be relied on by readers. The information contained in this blog may have been updated since its posting, or it may not apply in all circumstances. If you require specific or legal advice, please contact us on (02) 9299 6105 and we will be happy to assist.

Compliance with Current and Future Child Protection Laws – Embedding a Child Protection Culture. How can this be achieved?

Financial Services Updates

Financial Services Updates