How To Guide
How to Handle Employee Device Policies (BYOD)
67% of employees use personal devices without proper policies.
Overview
BYOD needs clear rules for security.
Step 1: Policy
Define expectations.
1
Components
- Allowed device types
- Minimum security: OS, encryption, lock
- Required software: MDM, antivirus
- Data ownership rules
2
Agreement
- Written acceptance required
- Remote wipe rights for business data
- Clear monitoring scope
Step 2: Technical
Enforce security.
1
MDM
- Deploy Intune or Jamf
- Enforce encryption and screen lock
- Remote wipe capability
- Control app data access
2
App Security
- Containerise business data
- Require VPN and MFA
- Block rooted devices
Step 3: Ongoing
Maintain programme.
1
Reviews
- Quarterly device audits
- Annual policy review
- BYOD security training
3
Risk Assessment
- Identify what data BYOD devices will access: Email, files, CRM, internal apps
- Assess the impact of a compromised personal device on your business
- Consider regulatory requirements: Can personal devices access regulated data?
- Evaluate the risk of data leakage through personal apps and cloud services
- Document accepted risks and the controls that mitigate them
- Review risk assessment annually and after any security incident involving BYOD
4
Employee Communication
- Explain WHY BYOD policies exist — people comply better when they understand the reasons
- Clarify what the company CAN and CANNOT see on personal devices
- Address common concerns: No, we cannot read your personal messages
- Provide a dedicated support channel for BYOD issues
- Offer incentives for compliance: Monthly stipend toward phone bills, device discounts
- Make the enrolment process as simple as possible to reduce friction
Need Professional Help?
Our engineers provide expert assistance with setup, troubleshooting, and ongoing support for businesses and individuals across Cornwall.