Has your Institution created a Bring-Your-Own-Device Policy?


These days, the vast majority of your employees have smartphones. Use of these devices to send and receive work-related emails and other communications, and to access the institution’s files and other network resources, can boost productivity. The benefits also include new mobile workforce opportunities, increasing employee satisfaction and reducing or avoiding costs. But the ensuing security concerns have led some institutions to prohibit employees from using their own devices for institution business. Although an outright ban can be hard to enforce, setting a bring-your-own-device (BYOD) policy and, in doing so, enabling the institution to control these devices and manage risk, may be a better approach.

A BYOD policy should, among other things:

  • Provide for management approval and registration of all mobile devices that will access the institution’s servers;
  • Require employees to maintain up-to-date virus protection, authentication and encryption software on mobile devices;
  • Require employees to use strong passwords and other security controls to access mobile devices and the institution’s servers;
  • Specify what type of information can be stored on or transmitted by mobile devices;
  • Allow the institution to remotely wipe a device clean if it’s lost or stolen; and
  • Require employees to provide written consent to comply with the written security procedures before using the device for institution business.

Consider using mobile device management (MDM) software to manage employees’ devices and implement controls to protect the institution’s information.

Allowing employees to BYOD can increase efficiencies and cut costs; however, your institution needs to create a strong BYOD policy to mitigate the increased security risks. If your institution needs assistance with creating a BYOD policy, updating your existing policy, or would like an independent review of your policy, contact VonLehman’s specialized Financial Institutions Group today at lbrown@vlcpa.com or 800.887.0437. 

Have a Question? Contact Us

Contact Us