Estimated Reading Time: 5 minutes
By Erin Gloeckner
Employee-owned versus organization-owned… the battle wages on. As employees, many of us prefer to use personal phones and laptops for work because they are convenient, commonsense, and a lot cooler than what the IT department provides. Nonprofits know there is no way to prevent all employees from accessing personal phones at work, so many are creating BYOD (Bring Your Own Device) policies.
On its face, BYOD sounds like a wonderful cost-savings strategy. Employee productivity rises when employees use devices they know and love, and nonprofit employers save time and money as employees cover the cost of purchasing the latest productivity gizmo. The truth is, when you permit or endorse BYOD, you’re inviting new and nuanced risks into your nonprofit workplace. These risks run the gamut from privacy violations to data loss and more.
Smart Savings or Money Pit?
According to Cecil Lynn, electronic discovery counsel at Littler law firm, BYOD does not cut costs. Lynn estimates a typical mobile BYOD environment costs 33% more than when a company owns the devices. Lynn says BYOD programs cost more than organizational ownership of IT devices because companies lose bulk purchasing power, they provide greater tech support for personal devices, and security risks are hard to budget and often wind up costing more than imagined.
It’s important to recognize that employees may need to forfeit privacy rights in exchange for the freedom to use personal devices at work. By accessing work information on a personal device, an employee puts a nonprofit’s assets and reputation at risk. Employees might lose their phones, forget to encrypt work emails, or open unsecured Wi-Fi hotspots accessible by unknown external users. Even after an employee is terminated, risk remains. A former employee could bring the personal device to a new job and leak or inadvertently share sensitive information with their new employer.
To manage BYOD risks, nonprofit leaders should implement defense strategies; unsurprisingly, many defenses reduce employee privacy. For example, nonprofit IT departments may install remote access apps on personal devices, so IT administrators can access information when necessary. If an employee misplaces a phone used for work, the IT administrator can access the phone remotely and delete any sensitive organizational data.
Unfortunately, when such a remote access app is installed, personal documents like photos and videos may be accessed and deleted as well. IT staff may also be required to safeguard information by blocking network access, apps, and websites on personal devices. Nonprofit employees may view these acts as breaches of privacy or personal rights.
Aside from data breaches or the risk of a terminated employee sharing trade secrets with new employers, top BYOD concerns arise from the employment relationship.
BYOD use also exposes nonprofit employers to the potential for leaked contracts, leaked client/ partner information, and the risk of employees uploading materials to servers owned by other companies (e.g., through the use of cloud apps like Dropbox or Google Drive). If your nonprofit aspires to best-in-class risk management as a framework for BYOD use, consider putting the following safeguards in place:
No matter how many BYOD policies you create, risk remains. An IT department charged with securing nonprofit data can offer only partial protection for data stored on devices the nonprofit doesn’t own. But, even if you stick to organization-owned devices, data breaches may occur. Weigh the upsides and downsides of BYOD versus organization-owned; decide whether your nonprofit is in position to take advantage of the benefits while managing the downside risks.
As you design a BYOD policy or adapt a policy to reflect your existing practice, take time to address the following issues:
“First let me congratulate you on a conference well done. I had a great time at the Nonprofit Employee Benefits Conference and walked away with some valuable tools and questions that we’ll need to be addressing in both the short and long term. Thanks to you and your staff for all you do to provide us with quality resources in support of our missions.”
“BBYO’s engagement of the Center to conduct a risk assessment was one of the most valuable processes undertaken over the past five years. Numerous programmatic and procedural changes were recommended and have since been implemented. Additionally, dozens (literally) of insurance coverage gaps were identified that would never have been without the work of the Center. This assessment led to a broker bidding process that resulted in BBYO’s selection of a new broker that we have been extremely satisfied with. I unconditionally recommend the Center for their consultative services.
“Melanie Herman has provided expert, insightful, timely and well resourced information to our Executive Team and Board of Directors. Our corporation recently experienced massive growth through merger and the Board has been working to better integrate their expanded set of roles and responsibilities. Melanie presented at our Annual Board of Director’s Retreat and captured the interest of our Board members. As a result of her excellent presentation the Board has engaged in focused review which is having immediate effects on governance.”
“The Nonprofit Risk Management Center has been an outstanding partner for us. They are attentive to our needs, and work hard to successfully meet our requests for information. Being an Affiliate member gave us access to so many time- and money-saving resources that it easily paid for itself! Nonprofit Risk Management Center is truly a valued partner of The Community Foundation of Elkhart County and we are continuously able to optimize staff time with the support given by their team.”
“The board and staff of the Prince George’s Child Resource Center are extremely pleased with the results of the risk assessment conducted by the Nonprofit Risk Management Center. A thorough scan revealed that while we are a well run organization, we had risks that we never imagined. We are grateful to know that we have now minimized our organizational risks and we recommend the Center to other nonprofits.”
Great American Insurance Group’s Specialty Human Services is committed to protecting those who improve your communities. The Center team has committed to delivering dynamic risk management solutions tailored to nonprofit organizations. These organizations have many and varied risk issues, hence the need for specialized coverage and expert knowledge for their protection. We’ve had Melanie speak on several occasions to employees and our agents. She is always on point and delivers such great value. Thank you for the terrific partnership and allowing our nonprofits to focus on their mission!