Should CIOs use a carrot or a stick to rein in BYOD workers?

Tom Kaneshige

Moreover, companies are becoming more assertive with their security controls. They may be more likely to lock devices if they believe a significant threat is underway, Maclachlan says.

AdaptiveMobile's survey reports that companies are unable to see eight out of 10 security threats: malware infection, access to inappropriate or harmful sites, installation of unwanted apps, existence of spyware or other espionage apps, use of unapproved file transfer sites, protection against roaming costs, SMS or MMS spam and malware distribution, personal expenditure on data or messaging, compromise or loss of customer data, and spambot or botnet infection.

Is Killing Really the Answer?
Is the threat of a corporate kill switch really the way to enforce BYOD security policies? Not everyone thinks so.

"If company policy, agreed to in writing by the user, allows for the corporate administrator to kill the device when compromise is feared, then the company will own the kill switch," says Jeff Rubin, vice president at Beachhead Solutions. "But obviously this is exactly the type of Big Brother action that inhibits the expansion and use of BYOD, because users may rightly feel that only they should control the fate of their devices."

Rubin says he believes the user should own the hardware kill switch in a BYOD setting, in which case the user will flip the switch and destroy the device in only dire cases. With users in control, of course, the threat to follow security practices is gone.

Even AdaptiveMobile's survey shows signs that a kill-switch stick might not work. A whopping 67 percent of employees said they would stop using personal devices at work if they knew their employer had a kill switch.

Money Changes Everything
Instead of the stick, CIOs can use a carrot — in this case, a stipend.

Money talks, and the offer of stipends gets employees' attention, says Josh Bouk, vice president of sales and marketing at Cass's expense management division. Cass helps employees onboard to a BYOD program, serving up a portal for employees to enroll and accept a company's policies, go through an eligibility process and receive an appropriate stipend.

More importantly, Cass serves up a compelling carrot by bypassing expense reports and delivering stipends directly on an employee's phone bill. Cass can also withdraw a stipend quickly if an employee falls out of compliance with the BYOD policy.

Of course, stipends, too, face an uncertain future. BYOD stipends are starting to disappear in areas of the country where jobs are sparse and companies aren't under pressure to provide perks. Some industry watchers predict BYOD stipends will go away completely, much like reimbursements for home WiFi.

Nevertheless, when a stipend is involved, employees are quick to respond to company expectations lest they lose precious dollars. "Employees become more compliant," Bouk says.

Previous Page  1  2