BYOD or COPE? Do You Allow Employees To Use Their Own Devices For Work?

The evolution of personal mobile devices and the rise of how necessary they are to business success these days are forcing many small business owners to make a choice. BYOD or COPE? Or “Bring Your Own Device” vs. “Corporate Owned, Personally Enabled”.

The Typical Solution ‐ BYOD. According to the CDW 2012 Small Business Mobility Report, 89% of small‐business employees use their personal mobile devices for work. But the headache involved here is how do you support and secure all of these devices? The scary thing is that most small businesses don’t even try! The CDW survey found that only 1 in 5 small businesses have deployed (or plan to deploy) any systems for managing and securing employees’ personal devices.

The Alternative ‐ Is COPE Any Better? A minority of small businesses has implemented a Corporate Owned, Personally Enabled (“COPE”) policy instead. They buy their employees’ mobile devices, secure them, and then let employees load additional personal applications that they want or need. And the employers control what types of apps can be added too. And the “personally enabled” aspect of COPE allows employees to choose the company‐approved device they prefer while permitting them to use it both personally and professionally. COPE is certainly more controlled and secure, but
for a business with a limited budget, buying devices for every employee can add up pretty quick. If you go the COPE route and are large enough to buy in volume, you can likely negotiate substantial discounts.

Security Concerns With BYOD. If you have client information that must be kept secure or other industry specific regulations regarding the security of client data, then COPE is likely your best approach. It takes out any gray area of whose data is whose. Plus there is a certain comfort level in being able to recover or confiscate any device for any reason at any time to protect your company without any worries of device ownership.

My Advice For BYOD Companies. Invest in your people,. Your employees are your biggest asset and your biggest threats.

  1. Have good information security policies.
  2. Invest in training for all employees.
  3. Get a proper security assessment done. Know your threats and risks.
  4. Trust your people and enable them to give you early warning.
  5. Where possible, choose COPE—it will save you a fortune in discovery and litigation costs.

Watch Dawn Lomer’s Interview with me about BYOD at http://i‐sight.com/corporatesecurity/tackling‐information‐security‐in‐the‐age‐of‐social‐and‐byod/