8 BYOD rules that every SME should follow

Senior Support Analyst

Fav thing about the office

Cheesecake Wednesdays

As a child I wanted to be a ... when I grew up


Guilty Pleasure(s)

Gu Puds

Favourite Holiday

2 weeks in Florida

If I had a superpower it would be...

Definitely flying

Describe yourself in three words or less

Lots of Energy

An interesting fact about me

I was once the South Ribble Chess Champion.


Exercise, Muay Thai, Singin' in the rain

Favourite Band

Its not about the artist its about the style

Karaoke Jam

Vengabus- Vengaboys

What I do at Q2Q:

I head up the IT support team.

On a daily basis I work on resolving IT issues for our clients. My skill set tends to adapt according to the current needs of our customers, from solving basic matters like fixing a printer through to more complex server infrastructure deployment. I am also often out on site visiting customers that are in need of an IT saviour.

Within the team, I work on the proposals for new and existing customers, and ensure we all work together to implement the solutions we propose.

I enjoy overseeing new projects so that, when clients evolve, we can ensure their growth, office move and/or induction of a new team member, is as seamless as possible from an IT perspective.

I also drive the rest of the team insane with my singing!

Background and Achievements

I joined the Q2Q team when they were part of the I.T. department for the Tulchan Group 14+ years ago. This was my first full-time role straight of out A-levels. I have enjoyed being part of the company and watching it grow from 3 members of staff to a blossoming 10.

I find it hard to pin point specific achievements as one of my values personally is to always exceed your own expectations. My wife would say being a great Dad to my two boys.

A great achievement for me is getting 76 miles to the gallon on the motorway and being able to finally grow stubble.

Hobbies and Interests

I aim to train in Muay Thai twice a week and religiously go to the gym every day I can.

I can juggle and have always wanted to learn knife throwing.

The initialism BYO might more commonly be seen with another B – and associated with casual social gatherings – but with a D at the end, it’s increasingly becoming a workplace term that relates to mobile devices.

More and more SMEs are inviting staff to use their own laptops, phones and tablets to conduct business, with the rapid growth of remote and flexible working accelerating this. A BYOD approach can work well for everyone involved – but there are potential problems too, so you need to know what they are in order to guard against them.

Based on clear guidance from the National Cyber Security Centre – part of GCHQ here are eight rules and considerations to help you maximise the benefits and minimise the risks of BYOD working:

  1. Put it in a policy

    Any SME operating a BYOD system needs a policy so that staff are clear on what they can and cannot do with their personally-owned devices, as well as what business data can be accessed. You’ll need to think carefully about the information and services you want to make available to employees and make sure your network is designed accordingly.

    For example, it’s likely you’ll want to prevent unauthorised devices from accessing sensitive business data or personal information. Beware, though, of being so restrictive that staff cannot operate effectively on their devices – otherwise they may be tempted to start looking for workarounds that might increase security risks.

  2. Spread the word

    A policy is no good to anyone if it’s written up, filed away and forgotten. Organise training sessions or briefings so that everyone understands their responsibilities in this area.

    Employees’ approach to security will differ when using their own devices. They might let family members use the device or give passwords out – to someone doing repair or maintenance work, for example – so they will need to know your guidelines around this.

  3. Plan for incidents

    If something happens that could compromise security, have you thought about what you’ll do? What if a device is lost or stolen? Could you wipe sensitive data remotely and if so, how quickly?

    Staff need to know the procedure for reporting loss, theft or other problems. It’s a good idea for businesses to rehearse these scenarios, so that everyone can be confident in how to act if they need to.

  4. Think about technical controls

    Applications and technical services can help you to remotely manage personally-owned devices – though they can affect the usability of that device. A good option is to provide staff with a ‘presentation’ of information rather than storing it locally. Security solutions, such as encryption, can be circumvented if malware is present on the device.

    Usernames and passwords should not be shared between personally-owned devices and the business desktop environment, as duplication increases the likelihood of a breach. Similarly, when someone leaves your SME, it’s important to make sure company information is removed from their device and all system access is revoked.

  5. Consider other ownership options

    In some circumstances, use of personal devices might need to be restricted for security reasons and some staff may not want to use their own tablets, phones or laptops for work at all. However, this lack of flexibility and access can make it harder for employees to do their job.

    So, it’s worth thinking about other options such as devices – or better still, a choice of devices – that are bought and controlled by your business, which can also be used by staff for personal purposes.

  6. Get ready to offer more IT support

    If your workforce are using their own devices, it’s unlikely that they will all be the same type, make and model. Can your IT support manage this? Do they have the capability and expertise? This is an important consideration.

  7. Limit the information shared by devices

    Automatic backup of device data to cloud-based accounts can lead to business information being divulged, especially when staff are accustomed to sharing it with other users. You can reduce this risk by limiting the amount of data being passed between employees.

    Think about how security problems with social media could affect you too – for example, users could mistakenly send social networking posts from their corporate identity instead of their personal profile if both are configured on a device, or inadvertently reveal the location of where they are working from.

  8. Understand the legal issues

    It’s your legal responsibility as a business to protect other people’s personal information – not the owner of the device. And this will only become more critical once the General Data Protection Regulation (GDPR) is implemented in May.

    Failure to adequately protect personal data could result in significant fines for your company under the new legislation, so getting clued up on the requirements – and ensuring your device procedures are compliant – is essential.


Want to talk to our experts about your BYOD approach? Get in touch!

8 BYOD rules that every SME should follow