Eight steps to a successful BYOD strategy

BYOD (Bring Your Own Device) can mean lower costs and increases in employee productivity; or it can cost you your business.

That’s right, although the implementation of BYOD does bring many benefits, it is not without risk.

Poor implementation and undeveloped policies can create vast security and privacy concerns, increase the risk of distraction, and sometimes introduce legal difficulties.

Fortunately, a well-thought out strategy will help to mitigate these concerns, while maximising the advantages.

Free Download: The Complete Guide To Working From Home

With that in mind, here is our 8-step process to a successful BYOD strategy.

Step 1: Appoint a core team

The first step is to appoint a small dedicated team to handle all things BYOD. They will deal with everything from analysing your current BYOD situation to devising BYOD goals alongside the best strategy to achieve these.

While the responsibility of BYOD may largely sit with the CIO, a multidisciplinary team is required to develop a coordinated policy. For example, IT staff may take the lead in selecting technologies and looking at security risks, but the broader details will need to be looked at with staff from HR, legal and other business units.

Step 2: Define and align goals

Over the years, it’s become increasingly clear that the most successful BYOD deployments are those that have been tied to the broader business initiative. Granted, this may not have been possible in some cases throughout Covid19 due to the rush surrounding implementation. However, to develop a sustainable strategy for the future, your BYOD objectives should be set with a clear knowledge of how they fit with the business’ overarching strategic goals.

By answering the question of “why are we doing this?”, you will undoubtably find the process of agreeing on the how far easier.

Step 3: Understand security and compliance risk

Security and compliance are likely to be a concern and key consideration for any organisation. However, requirements will vary by company and division. For instance, certain businesses may process highly sensitive data on a daily basis, such as personal medical records; whereas others are required to keep and record phone or email interactions for regulatory purposes, such as those monitored by the Financial Services Authority.

Whatever you circumstance is, a vulnerability assessment will be necessary to establish what the exact risk threshold of implementing BYOD on your business is. As a result, you will be able to look at risk management measures, remote access controls, how devices are monitored, and more.

Step 4: Select scope of policy

There is no one-size fits all approach when it comes to selecting the scope of your policy. A strong policy though will include the following in a clear and concise format for staff:

  • Acceptable use - which activities are permitted/prohibited for business or personal use
  • Devices - what devices are compatible/not compatible
  • Apps - which apps are permitted/not permitted, including download of new apps
  • Ownership of apps and data and their management
  • Support and service - how to deal with connectivity issues, configuration of apps, forgotten passwords, etc.
  • Security - what measures will be put in place to prevent unauthorised access to business data and systems, enable remote management of device, etc
  • Liabilities – e.g. for costs associated with the device or for the loss of data or device
  • Termination of access – e.g. for non-compliance with policy, or an employee exit

You will also need to provide staff with guidance on:

  • Keeping a device secure through software updates
  • How to create strong passwords and how often they need to be reset
  • How to handle storage of personal data on devices

Step 5: Establish processes

Th next step is to establish BYOD processes for your workforce. Mature processes will streamline the setup, allowing your employees, and therefore the business, to be more productive. For example, consider elements such as your enrolment process or if you require an agreement to be signed by staff to make sure they understand the policy.

Again, this needs to be laid out in a short and to the point format, making it clear what is expected of staff from the start.

Step 6: Choose tools and resources

When it comes to BYOD, there are a range of solutions available to manage associated risks. Choosing the most suitable solution will depend on your goals and objectives, as well as security and audit requirements. Most commonly, businesses enable the setup via Mobile Device Management (MDM) or a secure container approach. MDM is the administration of devices in the workplace, including installing, securing, monitoring, integrating, and managing of those devices. A secure container on the other hand uses software to create an isolated environment for data, applications, and other business resources.

Many businesses find it beneficial to seek external IT help when choosing the BYOD tools and resources. A third-party IT vendor will have an extensive overview of the BYOD landscape and know the right fit for your organisation.

Step 7: Educate employees

By now, you’re most likely aware of the importance of a BYOD policy and what to include. But without employee buy-in, the setup will fail. Indeed, if staff feel threatened by solutions or overwhelmed by policies, they may be less likely to follow the right processes – thus putting your business at risk.

BYOD education should start immediately when users begin working for your business and continue with occasional refreshers. Training can run in person or online, and should focus on raising employee awareness, as well as keeping everyone up to date on best practices.

Step 8: Revisit your strategy

Once you’ve gone through these 7 steps, the job is not over. BYOD is a complex, ever changing landscape that requires you to revisit it regularly. Your team need to dedicate time to conducting reviews of processes, policies, and tools, as well as assessments of security risks. At a minimum this needs to be done once a year. Depending on the nature of your organisation though, every quarter may be more appropriate.


While employees enjoy the convenience and familiarity of working on their device of choice, BYOD can be a major headache for IT departments – let alone amid a global pandemic where CIOs and business leaders are under more scrutiny than ever to facilitate secure home working at pace. But the end result can be well worth the effort. Undeniably, following these 8-steps will ensure you create a solid strategy that will mean more than just increased productivity. Employee morale soars, hardware costs are cut, and staff can work from anywhere with ease.

With over 16 years of experience within the IT sector, the entrust IT Group have overseen may BYOD projects for customers. Each of them with their own unique needs, we worked with them to develop policies and processes that met these. By coupling this work with the right solution, whether that be MDM or a secure container approach, they were able to future-proof their business and pivot quickly to home working throughout Covid19, without concerns over security and compliance. If you’re unsure which way to go, or lack in expertise, we can help – email enquiries @entrustit.co.uk or call 0330 002 0045.

New call-to-action

Subscribe here!

Recent posts

Posts by tag

See all