A “Bring Your Own Device” approach to enterprise mobility saves your company on hardware costs and increases employee satisfaction and productivity. But how do you strike the right balance between convenience and data security?
Multifamily organizations face many challenges when considering how best to leverage the latest technology. With the lighting-fast product cycles of mobile and the extensive blending of business and personal use (often called IT consumerization), it can be difficult and expensive for the industry to keep pace with changing tech. In many cases, employees already have the latest devices and apps in hand, allowing them to be more nimble in staying up to date than their employers. As a result, many in the multifamily space and beyond have adopted Bring Your Own Device (BYOD) policies, asking employees to bring their smartphones and tablets to simplify onboarding, improve effectiveness, and drive efficiency — not to mention reduce hardware and service costs.
By some measures, 72% of organizations support a BYOD approach to getting work done “for all or some of their employees.” Certainly, given the increasing power of smartphones, tablets and other mobile devices, your employees can now very easily “work” anywhere, anytime – and expect to be able to. Connect this to the fact that workers in multifamily operations are very often on the go, moving from property to property and managing a range of logistics and processes.
But the legal and security implications arising from the blurred line between personal and business activity presents a dilemma that has multifamily leaders hesitating to embrace BYOD. Security, compliance with laws, and privacy concerns need to be balanced with the inherent flexibility of BYOD in order for such a program to work well.
So which factors should you consider as you choose your mobile strategy? How do you weigh the pros and cons between providing employees and contractors with devices versus letting them use their own? And might a hybrid model like CYOD (Choose Your Own Device) offer a best-of-both-worlds approach?
BYOD (Bring Your Own Device) for a Simpler Onboarding Experience
The advantages of letting workers use their own devices are numerous. Staff can work at any time, from anywhere, on any device — though it is worth keeping a pulse on court decisions around reimbursing employees for using their own cell/data plans. Your workforce gets to use equipment they’re comfortable with, cutting down on the need for training. In addition, device setup is minimal and hardware acquisition costs are eliminated because users already have their phones in hand. Plus, they don’t have to carry two devices around for their personal and job use. You also avoid the complexity related to multiple logins on shared devices. All employees need to do is download the necessary app or apps, get trained on specific software instead of an entire operating system, and begin working immediately.
As Enterprise CIO reports, and studies by companies like IBM, Cisco demonstrate, your company stands to gain significantly from instituting a BYOD model:
- Users in the United States save a total of 81 minutes per week under BYOD models
- BYOD contributes to a 16% boost in productivity over over a 40-hour week
- Job satisfaction rises by 23% under BYOD
- Company loyalty among employees benefits from a 21% rise
- 69% of IT decision-makers favor BYOD as a positive addition to workplace policy as it saves workers time (2016 Cisco annual report).
Furthermore, the article notes, “if users are able to implement their own technologies into their working practices, then they are more likely to take work home with them – as these employees are working an extra two hours every day and sending 20 more emails every day.” Cloud storage also allows employees to work in ways that weren’t previously possible. And avoiding shared devices prevents inherent struggles and complexity related to multiple logins between users. These benefits are why multifamily operators aren’t ruling out a BYOD strategy before trialing one.
The chief concern when personal devices are being used to access company data is preventing data leakage. Employees may not be as adept at keeping their devices up to date with security patches and software versions. And retrieval of company data and intellectual property is harder to confirm with a BYOD strategy. For instance, in cases where an employee is suddenly terminated it can be challenging to verify a return of data and/or deletion of the company’s apps. Employees may share their device with other family members or even sell their device. And in many cases they’ll keep the same phone number, which can be problematic if they were in a customer-facing role. The long-ranging consequences of a potential data breach to business and brand contribute to the unease in contemplating a BYOD strategy for multifamily operators.
IT departments can limit security risks by introducing tools that apply permissions and monitoring to track use.
Secondary concerns include the fact that IT departments will likely be burdened by the greater variety of devices to support, and some employees may bring personal devices that are incompatible with company software.
IT departments can limit security risks by introducing tools that apply permissions and monitoring to track use. But an alternative arrangement, known as CYOD (Choose Your Own Device) that represents a blend of flexibility and control, can help companies jump over the potential security, device support and compatibility hurdles presented by BYOD.
CYOD (Choose Your Own Device) for More Control over Security
CYOD models represent a variation on BYOD, providing middle ground between employee choice and company data security. In a CYOD arrangement, workers choose their devices from a pre-approved list of supported/compatible devices compiled by the employer. You get a controlled network environment that still offers employees the benefit of selecting a single device that will help them perform their roles. CYOD could provide similar benefits to BYOD, and also may be less of a cultural leap for your organization, since it is closer to the status quo of corporate provision.
Where the freedom of BYOD can become challenging from a security perspective, CYOD seeks to preserve your enterprise data while promising a better user experience than conventional device management. The goal of CYOD is to meet the critical needs for both the organization and employee. The main downside is you’re usually responsible for the full tab (though not always — ownership could belong to either the employee or the company under CYOD). But many companies willingly pay that price to be able to remotely chaperone employee access, enforce company policy, administer security updates, proper setup and network settings, and align devices with their workflow and processes.
CYOD seeks to preserve your enterprise data while promising a better user experience than conventional device management.
Mobile devices can be provided in a number of ways. Specific phones or tablets that are already configured offer the most control for you as an employer, and can also lighten the load for your IT teams supporting employees on these devices. Troubleshooting is much simpler — a potentially critical advantage when helping people operate remotely. Because CYOD policies involve procuring a limited range of mobile options and giving your employees the option to choose something they have more familiarity and therefore skill with, they will typically require less training and support as well. The downside is that CYOD deployment tends to be slower relative to a BYOD arrangement. If your company implements a CYOD strategy that involves company-owned devices, the devices are retrieved if the employee is fired or resigns.
Be aware that one of the common drawbacks to CYOD, when providing company-owned devices, relates to the challenge of keeping up with the latest hardware and software developments with your inventory refreshes. This again raises the issue of shouldering costs, IT burden and training. Companies must assess employee needs, provide guidance on choosing a device, purchase the device, furnish it with software, get it to the employee, train them to use it, and replace it if it breaks. And perhaps do so in shorter cycles to match the speed of the market. That’s more than some employers in property management want to take on.
Navigating Regulations and Examining Your Corporate Policies
Legal concerns have spawned a wrinkle in the narrative of IT consumerization and the BYOD and CYOD models companies are choosing. Several states, including California and Massachusetts, have labor laws requiring employers to reimburse employees for the business use of personal devices. The California Court of Appeals, in Cochran v. Schwan’s Home Services, Inc ruled in 2014 that: “the employer must pay some reasonable percentage of the employee’s cell phone bill” in cases where the employee uses their personal device for business purposes. This holds true whether or not the employee has incurred additional charges for their work use or uses an unlimited minutes plan — and also applies even if a third party is paying the employee’s bill.
Although your official company policy may prohibit employees from using their personal cell phone for business use, you could still be on the hook for “reasonable” reimbursement; employees who disobey the company policy are still entitled to compensation. California has not yet provided employers with guidance on how to calculate such payments, complicating how you might design and implement your BYOD policies and procedures.
Although your official company policy may prohibit employees from using their personal cell phone for business use, you could still be on the hook for “reasonable” reimbursement.
In early 2018, The National Law Review advised California employers to weigh two options for reconciling their device policies with the court decision, writing:
The safest approach is to pay the entire cost. That said, a more palatable approach is to pay a flat monthly stipend (e.g., $50). Put this policy in writing and expressly state that employees may submit expense reimbursement requests each month to the extent that the flat rate does not cover the total expenses for the usage that month. Distribute the policy to employees, and remember to inform new employees as they onboard. Until more guidance is provided, employers should continue to carefully monitor this area of law and their company’s practice.
In other words, paying for your employees’ personal cell phone plan in full makes complying with the law easier, but could be the most costly choice. Alternatively, paying a monthly stipend helps you control costs, budget more accurately, and avoid paying for employee phone plans of varying price.
According to Syntonic, a company that splits mobile billing between personal and business use, 47% of companies use a stipend to reimburse employees. In a distant second, 29% require employees to manually calculate their work-related usage each month (2016). If you’re contemplating having employees track and submit expense reports for work-related cell phone usage, keep in mind that your HR processing time and costs could increase, and it may not be feasible if most of your employees are using unlimited plans or plans with free minutes.
Whether your organization practices BYOD or CYOD, The Fair Labor Standards Act (FLSA) requires companies to pay non-exempt (hourly) employees overtime if they work more than 40 hours in a given week. In today’s work anywhere/anytime culture, this has implications for you as an employer. If employees are using their mobile devices for work once they’ve gone home for the day — for example, responding to business emails before bed — they may be eligible for overtime pay. Failure to comply with labor regulations can result in penalties, like when an employer in San Antonio, Texas was found liable for not compensating an employee for almost $40,000 in overtime work, much of it performed on an employee-owned device.
Whether your organization practices BYOD, CYOD or a different model, The Fair Labor Standards Act (FLSA) requires companies to pay non-exempt (hourly) employees overtime if they work more than 40 hours in a given week.
Providing some guidance for employers, the editorial board of The Labor Dish, an employment and labor blog proposes that:
In light of this decision and others like it, employers should consider either limiting BYOD to exempt employees or re-developing time reporting systems/policies so that all time worked, (including time spent responding to after-hour emails and calls) is captured and paid.
Early in your decision-making process, it’s important to audit how your employees are currently using their personal devices so you can assess the financial impact of the strictest interpretation of compliance versus a monthly stipend model. Whichever approach you choose, it is critical to be very clear on your policies regarding device use, stipends for device purchase, cell phone bills and data plans, and more. You might include waiver forms that allow company access to personal devices and confirm that employees waive claims for loss of personal data or damage resulting from such company access or company wiping of the device. Should employment be terminated, you might require the employee to certify, in writing that all company-related data has been scrubbed from the personal device.
Research published by Ovum and commissioned by Logicalis reported that of the 60% of full-time employees who partake in their organizations’ BYOD programs, only 20% of have a signed BYOD policy (2013). More recent figures show that 87% of companies rely on their employees using personal devices to access business apps. Are your policies keeping pace?
Multifamily operators should consult with their legal and HR teams to ensure they’re compliant with the laws in the municipalities and states they operate in. If you are unsure where to begin investigating options for your organization, IT Manager Daily offers a BYOD Policy Template that can help clarify guidelines for acceptable use, devices and support, reimbursement, and security, as well as risks and liabilities.
It is critical to be very clear on your policies regarding device use, stipends for device purchase, cell phone bills and data plans, and more.
The Right Mobility Solution for Your Company
The real task for your business is finding the best balance between control and flexibility. A BYOD policy allows an organization to be nimble, with quick onboarding and quicker implementation as employees use devices they know well. But tech support (your company IT team and vendor support team alike) will need to be able to accommodate the spectrum of devices, and manage the security concerns of both workers and managers.
On the other hand, providing equipment, as is often the case with CYOD, is a more secure method that could create hardware expenses. You can set up the kinds of phones and tablets you want and avoid many of the headaches that an open-ended device policy can create, but deployment tends to be slower compared to a BYOD policy.
BYOD
Advantages:
- Saves on hardware costs — no procurement required
- Increases employee productivity, job satisfaction and loyalty
- Deploys quickly
Drawbacks:
- Security is harder to manage than CYOD
- IT departments must support a multitude of different devices
CYOD
Advantages:
- Thought to have similar benefits to BYOD in terms of employee productivity and satisfaction, but has been less studied
- Tighter control over data, access and security than BYOD
- Easier to enforce company policies, administer updates, oversee network settings and more
Drawbacks:
- Upfront hardware expenses (in most cases) — procurement required
- Slower deployment than BYOD
In either case, approaching these choices with the requisite knowledge is critical to ensure a successful and stable operation. Decide who is responsible for paying for the devices, which devices apply (Smartphones and tablets only? Laptops too? What about wearables?), who controls the device, who is responsible for support, and how closely integrated the device is with the everyday workflow. Be sure to involve your HR, IT and legal teams in the policy-making process and get synced on their needs and the concessions they might have to make to move forward with a model for device management.
Be explicit about how hardware is integrated into your enterprise network and which corporate applications employees are running as well as restrictions on personal applications for company-owned devices. Which personal applications do you expect to be part of the daily workflow and be connected directly to your network? How can you best employ data loss prevention to keep your intellectual property and data secure? Your policy may address blocking access to certain sites, installing monitoring software, including a remote lock capability and more.
Ultimately, multifamily operators are increasingly committed to mobility, with a greater opportunity to leverage the devices in the hands of workers to achieve business value. Be sure you’re doing mobility right by communicating with your teams, software vendors and employees to realize strong policies and compliance.
The proliferation of mobile devices has fundamentally altered how the real estate workforce, including property management personnel, perform their jobs. So it’s important to remember “the user experience is of utmost importance.” And “unsatisfied tech-savvy users will ultimately work from whatever device best suits them” (MobileBusinessInsights.com).