Changes In The Market
Mobile devices are no longer the future of business, they are its present. The last 30 years have seen mobile devices grow from a bulky, ostentatious luxury reserved exclusively for the wealthy to a ubiquitous tool carried daily by a majority of the population. At the same time, they’ve evolved from simple portable phones that don’t require a landline connection to multi-faceted computing devices capable of replicating almost all the functions of a telephone, home PC, high-definition video camera, and more in a pocket-sized form factor.
Driven by the explosion in popularity of mobile devices, organizations of all shapes and sizes have discovered the myriad benefits of allowing employees to utilize their own personal devices for work. Bring Your Own Device programs empower employees to work where, when, and how they choose, which enhances morale, increases productivity, and ultimately saves time and money. However, these policies also present unique compliance challenges. To reap the significant benefits offered by personal mobile devices, you must first assess how industry compliance requirements intersect with a BYOD program and outline the steps your organization will take to meet them.
A recent webinar featuring Smarsh Vice President of Mobility Strategy Brian Panicko and Smarsh Chief Evangelist Mike Pagani explores why BYOD is gaining popularity at such a rapid rate, and then provides a closer look at the components that make BYOD adoption viable and compliant. Finally, the webinar offers insights into how you can institute your own BYOD program, and the concerns that you must address before allowing employees to use their personal devices for work.
Why BYOD?
The first part of the webinar focuses on the reasons behind the surge in personal mobile devices used for work, namely potential productivity benefits and the shifting demographics of the professional world.
As mentioned previously, the ability to use personal devices for work offers employees freedom; the freedom to use a device of their choosing, the freedom to communicate in the fashion most comfortable to them, and the freedom to work when, how, and where they want. Not only does that save time and improve productivity — a recent Cisco study found that employees using their own devices saved an average of 81 minutes per week — it’s also an attractive selling point for any business hoping to attract members of the burgeoning millennial generation to their employ. More than any prior generation, millennials have come of age in a portable, digital world, which relies on wholly new communications channels, and they want to work for employers who recognize and leverage the benefits of these communications tools. If you’re an employer that does not allow the use of personal devices, your employees will seek out an employer that does.
While a wide swath of employers have been quick to recognize this, instituting a BYOD program is not as simple as just allowing employees to use their own devices for work, especially in regulated industries. Without a thoughtful BYOD plan in place, you can quickly run into compliance issues.
Compliance Gaps
While nearly all organizations have compliance plans in place for email, more modern communications methods lag behind. The 2017 Smarsh Electronic Communications Compliance Survey Report found that while 98 percent of organizations surveyed had an archiving/supervision solution in place for email, that number drops to a mere 52 percent when it comes to text messages. If you look solely at work-related text messages sent through employee-owned personal devices, that compliance figure drops even further, to 32 percent — a sobering figure given that 90 percent of employees use their own mobile devices for work. Even worse, a worrying number of those organizations lacking a solution for supervising text messages were assuming they didn’t need to create a compliance solution because they could simply request the communications from mobile carriers or ask employees to pull conversations from a device’s archives. This is not a viable solution. Mobile carriers only maintain messages for a limited time, and device archives are unreliable at best with search functionality that is inconsistent (and grows more inconsistent as additional data is added to the device). Plus, putting the onus on employees to retain and retrieve their communications creates a conflict of interest where an employee may choose to suppress evidence of any fraud they might be involved in. Regardless of the communications platform you’re using, if your organization isn’t capturing and archiving communications, finding the data may not be possible.
The seemingly simple answer to closing this compliance gap is prohibiting personal devices, but that’s been repeatedly shown to be unsustainable. Whether you like it or not, your employees will use their mobile devices for business communications. If you’re prohibiting mobile devices in lieu of making proper preparations for archival and supervision of mobile communications, you will be stuck playing the risk mitigation game when an employee inevitably goes against your wishes.
Financial Services Adoption
Text messaging is increasingly seen as the lowest common denominator when it comes to communications in the United States. Almost everyone uses it, and most people text often enough that it comes as second nature. Recognizing this, major financial institutions are beginning to adopt BYOD programs to appeal to both employees and clients. Not only do mobile devices allow employees to collaborate with colleagues and internal resources more efficiently, it also gives them the ability to interact with clients faster, more easily, and in the communications medium clients find most familiar
and comfortable — and that’s in addition to the key benefit of a properly deployed BYOD program: Regulatory compliance that does not come at the cost of productivity.
Technology Stack Basics for BYOD
Two key technologies are at the heart of a successful BYOD program: Mobile Device Management (MDM) and Containerization. MDM refers to the ability to remotely manage a device, whether that means uploading or downloading data, changing settings, or even wiping its memory. Containerization, meanwhile, is deployed alongside MDM and creates a secure workspace that exists within a device but remains separate from all personal data. Essentially, in lieu of employees carrying two separate phones, containerization splits their personal device into sections, one identical to their personal phone, and another, work-focused section, where messages are archived and supervised. This container can even have its own unique phone number. How your organization utilizes MDM and containerization will vary depending on your goals and the regulatory requirements facing your industry.
Fortunately for Smarsh customers, alongside our archiving and supervision products for more traditional business communications, we also offer BYOD management solutions that work with every device and operating system available.
Key Considerations for BYOD Adoption
Thinking of embracing the benefits of BYOD in your organization? Finding the answers to the following questions will put you on the right track:
- What types of devices will be allowed, and will you need an MDM or Containerization solution?
- What apps and types of messaging will you allow your employees to use for business?
- What requirements need to be in place for employee–client communications?
- Will your security checklist require PEN testing?
- How will you develop, train your employees on the organizational BYOD use policy and enforce compliance violations?
- Which archiving solution will meet your organizations compliance needs for ingesting and monitoring all mobile/text communications data in addition to the rest of your electronic communications?
An excellent primer on why BYOD has grown so popular and the immense benefits it can provide, this webinar should be required viewing for anyone hoping to introduce a BYOD program to their organization. Regardless of industry or business size, it should give you the information necessary to ensure you’re walking the right path to BYOD deployment and compliance.
Watch the on-demand version of the Building The Compliant Mobile Ecosystem webinar here.
Smarsh
Scalable for organizations of all sizes, the Smarsh platform provides customers with compliance built on confidence. It enables them to strategically future-proof as new communication channels are adopted, and to realize more insight and value from the data in their archive. Customers strengthen their compliance and e-discovery initiatives and benefit from the productive use of email, social media, mobile/text messaging, instant messaging and collaboration, web, and voice channels.
Smarsh serves a global client base that spans the top banks in North America and Europe, along with leading brokerage firms, insurers, and registered investment advisors. Smarsh also enables state and local government agencies to meet their public records and e-discovery requirements. For more information, visit www.smarsh.com.
Latest posts by Smarsh (see all)
- Strategic Partnerships Highlighted at SmarshCONNECT 2024 - April 15, 2024
- What Are Financial Firms Saying About 2023’s Regulatory Squeeze? - January 10, 2024
- Form ADV Amendments: Frequently Asked Questions (FAQ) for RIAs - December 6, 2023
Watch it Work
Contact Us
Chat