From the boardroom to frontline staff, being permitted to ‘bring-your-own-device’, otherwise known as BYOD, is a growing trend in business. While it’s clearly an IT issue, BYOD is increasingly creeping onto the FD agenda, in part because of the implications for procurement and of claims from IT providers, Cisco among others, that BYOD reduces the overall cost for a business.
IT analyst Gartner predicts that by 2017 half of employers will require their employees to supply their own device for work purposes. BYOD is an entirely laudable scheme which not only reduces overall cost to business, but also boosts productivity. The same Cisco research reveals BYOD employees gain an average of 37 minutes of productive time per week.
However, it is still a relatively recent phenomenon with a number of unknowns. Speculation as to the security risks of BYOD has been well documented, but scant attention has been paid to the legal ramifications associated with unlicensed software use, a possible by-product of BYOD.
In part, this is because BYOD naturally places an element of trust in the employee. It’s a significant enough undertaking to expect the IT department to keep track of what people use their work devices for and how – even more so when people are using their personal devices for work purposes.
With limited visibility, there will always be a question mark over whether members of staff are using unlicensed or counterfeit software and, in so doing, exposing the company’s network to viruses and malicious attack. Security hazards aside, in both scenarios a company is infringing copyright law and answerable to the rights holders. Redress commonly comes in the form of an investigation by the Business Software Alliance (BSA). It can be followed by a hefty financial settlement, and the requirement to purchase licences to legalise any unlicensed software. For instance, safety specialist First Choice Facilities Ltd paid almost £100,000 after being found with unlicensed software.
Companies often come unstuck when there is uncertainty over accountability. Clear lines of responsibility are crucial in all areas of business – including software licensing. This is why BYOD comes laden with risks unless ambiguities are addressed from the outset.
Where do the responsibilities lie?
An important rule of thumb is that the employer is largely responsible for instances of unlicensed use of software in the work environment – even if employees are using personal devices for work purposes. If software is being used to carry out on-the-job responsibilities, the business must be able to provide the correct licences to prove the software has been properly acquired. Failure to do so could expose companies to allegations of unlicensed software use. Similarly, organisations that engage freelancers must ensure any software in use is legally compliant.
In terms of clarifying lines of accountability, BYOD is as much an FD concern as an IT matter, particularly if a company has to pay a financial settlement as a result of procuring too few licences for their software. According to a study from BSA, 85% of FDs are responsible for software licensing in their organisations, and yet only 7% of the FDs surveyed were confident that software installed in their organisations had been deployed correctly.
This uncertainty could potentially spiral when processes are complicated by an influx of unregulated personal devices. It is therefore paramount that FDs keep abreast of all software licensing issues and involve themselves in implementing clear BYOD policies.
In the first instance, it is important to build an inventory of which devices are being used for what purposes. Well-defined and well-communicated guidelines are also essential, particularly when issues of legality and security are at stake. An agreement signed by both the employer and employee regarding sanctioned downloads and software licensing allowances would be prudent.
Although senior management is ultimately responsible for ensuring a company’s IT is legally compliant, employees need to be made aware of the pitfalls.
To provide peace of mind, companies might also want to carry out a thorough software audit once or twice a year. If necessary, this can be outsourced to an expert third party and may actually result in savings by identifying areas of over-licensing. If in doubt, companies shouldn’t hesitate to seek legal advice to make sure they are compliant.
Workplace practices are quickly evolving and the BYOD trend is only one example of this. Companies are increasingly being expected to change their policies to suit changing employee attitudes, particularly those that employ a thriving Generation Y workforce that has grown up in the digital age. Ultimately this is a positive progression, as long as legal issues are thought through and IP is protected.
Julian Swan is director, compliance marketing EMEA at BSA