Thanks to the increasing popularity of smartphones and tablets (as well as laptop computers), the ways in which we work and use technology have changed exponentially. These days, very few CPAs have to be tied to their desk in order to get things done. And policies enabling employees to use their own devices to complete tasks have made firms far more flexible and efficient.
However, such a change isn’t without its issues. As an LA based CPA, you’re aware of the amount of sensitive data that you come into contact with each day and having free rein to access such information via a smartphone or tablet could lead to it falling into the wrong hands quite easily. Additionally, bring your own device, or BYOD, policies leave employees open to using the technology for other means. So, how do you police each staff member while they’re meant to be working?
A BYOD Acceptable Use Policy (or AUP), is the fundamental way that firms can ensure codes of conduct are being followed. Such a document details what employees are and aren’t allowed to use their devices for, the networks they’re able to access, and how data must be managed while they’re using their own phones and tablets. While they won’t stop the misuses of devices altogether, AUPs and the penalties associated with their misuse should be enough to deter employees from mishandling data. If you’ve yet to introduce such a policy at your firm, now is the time to think more carefully about such a move.
So, here are some of the primary concepts your BYOD AUP should include and why is each relevant to your workplace…
1. An introduction to the policy
Your AUP needs to outline the convenience of using privately owned smartphones and tablets and the privileges associated with accessing the office’s networks and servers. Bringing your own devices into work isn’t a necessity, after all. Remind employees of your company’s code of conduct and list the networks, servers, and shared systems that they’ll be able to access via their own devices. Detail the penalties for misuse and detail the types of devices that are, and aren’t, allowed within office time.
2. Reference to social media usage
Social media can be such a drain on work time and resources, so employees need to know where they stand with regard to accessing sites during office hours. Are you aiming to prohibit social media altogether or merely limit its use? Remind staff members about discussing their work on social media; mention of the company name or clients could cost you dearly. So, employees need to refrain from linking their private and professional lives.
3. A list of prohibited sites or data
While logged into your network, will employees be allowed access to shared calendars, emails, and documents? The AUP should list everything that will be available. As well as listing the sites and activities that are allowed, an AUP also has to be detailed about what’s prohibited; devices shouldn’t be used to download, store, or send illicit or copyrighted material and employees must refrain from using their phones and tablets to engage in out of business activities or using them to harass others.
4. An emphasis on client security
Your clients’ personal data is integral to your business. Your staff must be aware of the ways it can and can’t be used or risk exposing it to the public. The BYOD AUP must outline everything that accountants can and can’t do with regard to company information and stress that any devices being used during the working day must have security features that prevent information from being targeted. Insist upon password-protected devices and remind employees how to create strong passwords. Require that employees set their devices to lock with a PIN after periods of inactivity and prohibit unlocked devices.
5. Details of remuneration
It isn’t unheard of for employers to remunerate staff members that are using their own devices in the workplace; will you reimburse all or part of the cost of devices, pay towards bills, or cover expenses? If so, be sure to include details in the AUP. Employees must understand every aspect associated with using their own devices at work, so list all relevant information to remove doubt.
Putting together an AUP can be daunting, particularly if you’re struggling to remember everything you’d like to include. Where is your firm at with putting together an AUP? Do you have one? Are you in the process of putting one together? If you have any hints or tips for fellow CPAs, please share them with us in the Comment field below.
To follow through on the tips introduced in this article, be sure to download our free guide 12 Ways for CPA Firms in LA to Utilize Technology More Efficiently.