Case Study Module: Bring Your Own Device (BYOD)

Introduction

Bring your own Devices (BYOD) have become the trendiest concept in case of business management. BYOD is also alternatively known as ‘Bring your own Technology’ (BYOT)The key aim of BYOD strategies is to lower the IT expanses for small to medium firm while at the same time flexibility of working remotely get enhanced to greater degree. As per the definition of Technopedia, mobile computing devices like Laptops, tablets, Smartphone, or any kind of personally bought devices can be carried and used by company employees for their office work along with or instead of remaining bound to use only the company supplied devices for their office work . This strategy is achieving greater degree of popularity as contemporary generations are getting more tech-savvy and majority of employees now own high-end mobile devices and gadgets.

This report will cover up the benefits as well as the risks associated with BYOD strategy implementation in a law firm. Seese & Desists LLP is an EU based law firm having employees over 1000 and these employees work remotely across the world. However as last financial audit have suspected that they have to shrink their expanses in order to secure their profit level hence it will be better to adopt the BYOD strategy as this will help Seese & Desists LLP to adjust their overall business expenses buy lower business cost on company IT devices. BYOD policy will be included in the upcoming corporate policy of the Seese & Desists LLP and employees of this organisation will avail the permission of using their own IT devices like laptops, tablet and Smartphone for their office jobs.

Technical and organisational measures to be maintained to ensure information security

BYOD is associated with a range of benefits that will ensure the continuous organisational business growth among them below are the key benefits that can be obtained by Seese & Desists LLP through implementation of BYOD strategy within their corporate policies;

1. This organisation has greater than 1000 employees those deals with the clients across the world. Hence they have to work ‘on the go’ and such kind of devices costs more for this firm, however if employees start to use their own mobile devices like tablets, laptops and even their high end mobile then the IT device expense will drop to appreciable degree.
2. Important jobs can be carried out my employees even while they are not in office. Moreover legal advisers can also access and communicate with other client while they are on a field job or attending a case as per their convenience .
3. Employees will be able to work under flexible work timing beyond the limitation of specified office hours.

However as different employees uses different kind of devices and security measures as well and always carry the official data with them hence there raise an issue of information security risks. Due this reason General Data Protection Regulation has been formed by EU under which a range of technical as well as organisational measures have been cited. Those measures/ safeguards have been discussed below.

As per the GDPR references three measures must to be considered by a law firm like Seese & Desists LLP and those are;

• The controller will be using only such processors that are associated with adequate degree of guarantees of implementation of proper technical and organisational measures.
• All the organisational and technical measures set for BYOD policies must met the regulations of GDPR.
• Data processing stage must be ensured with adequate degree of data protection security and that must be ensured from both technical and organisational measures.

In one word GDPR regulations monitors the functions, procedures and processes to identify the measures for both organisation and technological process of a firm so that all the organisational information remain secure even while getting stored and proceeded via multiple number of employee’s personal devices.

From organisational perspective the measures that has to be maintained by Seese & Desists LLP as follows,

Risk management: organisational management should assess the risk associated with the BYOD policy in continuous manner. Under such measures each activity of employees will be accessed in regular manner in order to ensure that they are not sharing any kind of company or client legal information from their personal devices with unauthorised source .

Carry out regular reporting: employees those are using own devices should be made bound with such company policies under which they have to report their company data access from their personal devices within a specified time interval.

Making of security policies: Seese & Desists LLP have to reform their company data security policies under which using of adequate degree of internet and data protection security to be installed in their devices those will be used for company work.

Employee awareness: in order to maintain the official information security of employee must be provided with adequate degree of training informing the employee about terms and condition of using BYOD facilities. This will includes information about fines and other legal risk of BYOD.

From technological perspective the information security measures of Seese & Desists LLP IT department should be keep consider the measures related to the hardware, software and network protection related services.

Security 101: As per the guideline of GDPR it has been made mandatory for legal firm to implement security 101 within the security network that will be accessed remotely by Seese & Desists LLP employees. Such kind of security includes malware attack protection, firewalls, various kind of antivirus software, etc.

Password protection and cyber security: IT measures of the security process of Seese & Desists LLP much initiate password protection towards their official website access permission to their employees under BYOD policies and password encryption must be made as hardier as possible. Number of connected devices per users, data transferring log, and connected device location must be monitored and controlled by the IT operators of Seese & Desists LLP so that risk of hacking legal as well as personal information of clients and organisation as well can be made as lowest as possible.

Advantages and Disadvantages of BYOD

In this part of the report, the advantages and disadvantages of BYOD in the context of Seese & Desists LLP are discussed below;

Advantages

• For a law firm like Seese & Desists LLP which has large number of employees working from various parts of the world, it is very difficult to afford sitting position as well as devices for all the employees. Hence, Seese & Desists LLP can adopt the BYOD policy to reduce its overall costs. Through the appropriate adoption of this policy, the organization can easily recruit larger number of employees as per their requirements. Hence, from the perspective of cost effectiveness, the BYOD policy will be highly appropriate and beneficial for Seese & Desists LLP1.
• The second benefit related to the adoption of BYOD policy is related to employee satisfaction. For any organization, the achievement of employee satisfaction is mandatory and there are no exceptions in case of Seese & Desists LLP as well. The achievement of employee satisfaction is essential for Seese & Desists LLP to ensure that the productivity of the employees is increasing on a continuous basis and the goals and objectives of the organization are also getting fulfilled within specified time. The employees these days own advanced level of devices which are required for their job responsibilities. Hence, if the employees are mostly comfortable with using their own devices rather than depending on the devices provided by their workplaces. Therefore, to make sure that the employees are focussed and attentive towards their jobs, Seese & Desists LLP should provide them the opportunity to carry their own devices.
• In the present era of competitive business environment, it is very much necessary for organizations to provide flexibility to its employees. This concept is true for Seese & Desists LLP as well. If the employees are provided with flexible facilities by the organization, then their interest and commitment towards their jobs will increase. On the other hand, they will be forced to work under pressure. Hence, to offer flexibility to the organization should adopt BYOD policy.
• It is often observed within organizations that to make the employees familiar with a particular device or machinery, they need to arrange trainings. Such trainings are costly in most cases as organizations are required to arrange the training session in a convenient manner. Further, there are chances that if an employee damages a device while learning its function, then the overall training cost increases further. However, this cost can easily be saved if the BYOD policy is adopted by organizations like Seese & Desists LLP. By adopting this cost, the need for training reduces as the employees are comfortable with their own devices and they don’t require to learn the functioning process of the devices of the organization. Further, the level of familiarity also increases for the employees which may work in favour of Seese & Desists LLP.

Disadvantages

• The first and foremost disadvantage which can be faced by Seese & Desists LLP if it adopts the BYOD policy is related to security and privacy. For a law firm like Seese & Desists LLP which has its clients in the entire world, it is evident that there are a lot of sensitive information which are stored in the database of the company. Generally, the devices which are installed within an organization are configured in such a way that all the employees cannot access the sensitive information6. However, if the employees are carrying their personal devices then there will not be any such barriers and the employees will easily access the sensitive and confidential information of Seese & Desists LLP. Hence, security and privacy concern can stop Seese & Desists LLP from adopting this policy.
• The second disadvantage of the BYOD policy is related to freedom. If the employees get the freedom to bring their own devices to their workplaces, they don’t limit themselves to the required devices only. There are many such situations when the employees may carry several unused devices to the workplace. Further, instead of concentrating on their work, they keep using those devices which deviates their attention from their work. Similar scenario can be observed within Seese & Desists LLP as well. The employees might be so much focussed with their other personal devices that they fail to concentrate on their work. Hence, instead of increasing the productivity of the employees, the implementation of BYOD policy can actually decrease the productivity of the organizations in the long run.
• Organizational infrastructure can also be a challenge in the way of implementing BYOD policy. For example, if all the employees start carrying their own devices in Seese & Desists LLP, then the organization will have to provide network connectivity and power supply facilities to all those devices. This might be a bit difficult for Seese & Desists LLP as the organization may not have such a huge level of infrastructural facility1. On the other hand, if Seese & Desists LLP tries to install a high level of network and connectivity features, then that would lead to increase of cost for the organization. Therefore, by adopting BYOD policy, Seese & Desists LLP may need to increase its support cost.
• The third disadvantage of adopting this policy is from the perspective of the employees. As long as the employees use devices of their workplaces, then they are required to be engaged with their work for a specific period only. However, if the employees start working from their own devices, then it becomes difficult for them to maintain their work life balance. The seniors and executives generally feel that the employees who use their own devices are available for work all the time. Therefore, the pressure imposed on such employees is generally higher compared to others. Hence, these employees often become extreme stressed and lose their motivation.

Conclusion

In conclusion it can be stated that even after having a range of technological and organisational benefits BYOD strategy can be a matter of bigger risk if technological and organisational measures related to information security is not address by organisation. However appropriate degree of fulfilling the security guideline set by EU GDPR can lower the information theft risk to appreciable extent and hence Seese & Desists LLP should invest the required amount of principle in security process of their BYOD services in order to obtain maximum possible benefits of BYOD services for purpose of their profit level expansion.

References

1.  ‘Bring Your Own Device (BYOD)’ (technopedia, 2019) accessed 5 February 2019.
2. Keyes, Jessica. Bring your own devices (BYOD) survival guide. Auerbach Publications, 2016
3. Smejkal, Vladimír, František Hortai, and Anikó Molnárová. ‘Risk and legal aspects of company’s cyber security.’
4. Ogie, Robert. ‘Bring your own device: an overview of risk assessment.’ IEEE Consumer Electronics Magazine 5, no. 1 (2016): 114-119.
5. Musarurwa, Alfred, and Stephen Flowerday. ‘The BYOD Information Security Challenge for CIOs.’ In Proceedings of the Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018), p. 246. Lulu. com, 2018.
6. KADËNA, Esmeralda, and Tibor KOVÁCS. ‘THE NEED FOR BYOD SECURITY STRATEGY.’ Hadmérnök 12, no. 4 (2017).