BYOD rules you should have.
Personal phones with work email are a policy minefield. A few clear rules protect your data without making employees miserable.
The moment an employee adds company email to their personal phone, that phone is part of your attack surface. Having no written rules is the most common situation at small businesses, and it's exactly the one that causes the most pain when an employee leaves or loses their device.
The core tension
Employees don't want IT controlling their personal phone. Businesses don't want company data scattered across devices they can't wipe. A BYOD policy threads that needle: the company controls only the company app or data container, not the whole phone. Everyone's privacy is preserved, and the company still has a way to protect its data.
Where the lack of a policy burns you
“A salesperson left a small firm and kept the CRM on her personal phone for months afterward.”
Red flag: No MDM, no container app, no way to remove the data. She took the contact list to her next employer.
“An employee's teenager installed a questionable game on the family iPad, which was also used for company email.”
Red flag: Malware harvested email session tokens. The attacker was inside the tenant within a day.
A sensible small-business BYOD policy
- Company email and apps only via MDM-managed containers (Intune, Jamf, Google, or Microsoft's Outlook container).
- The container can be wiped remotely without touching the employee's personal data.
- Screen lock and device PIN required.
- No storing company data in personal cloud accounts (personal Dropbox, iCloud photo backups of documents).
- Jailbroken or rooted devices are not allowed on company resources.
- Write it down and have employees sign it at onboarding.
We set up BYOD programs.
Intune with container-only access gives you the protection without the privacy tradeoff. Ask us.
1. Write a one-page BYOD policy this month, even a rough one.
2. Deploy MDM with container-only management so you don't touch personal data.
3. Require device lock and PIN on any phone with company data.
4. Build BYOD deprovisioning into your offboarding checklist.
5. Train staff: company data stays in the company container, period.
Want help securing your business?
Schedule a quick security review with our team. 15 minutes, no sales pressure — walk away knowing exactly where your gaps are.