Why should you create a BYOD acceptable use policy?
When it comes to BYOD, an acceptable use policy is another essential policy that helps to protect and inform both organizations and its users (universities and students/faculty). The key purpose is to educate BYOD users how ‘fair, safe, and acceptable use’ is defined and to detail the actions that fall within fair use and those that breach it.
A secondary purpose is fulfilled in the act of communicating acceptable use information to BYOD users; Making sure all users have been sufficiently educated on the usage policies they’re agreeing to protects universities ethically and legally should any issues arise from unsafe or abusive use of a BYOD program.
- Protect university network from security breaches
- Gives universities greater control
- Ensure students know how to use their own devices to access university resources
- Reduce demand on support
Protect university network from security breaches
Educate your users on which actions might result in encountering or transmitting malware or viruses. This will help to avoid users accidentally taking those actions. For those intending to abuse university resources intentionally, defining clearly what is and isn’t acceptable use will help to discourage them. In both cases, the university is much less likely to be affected by security threats.
Gives universities greater control
With a set of defined acceptable and unacceptable use criteria and the confidence that your users are educated on and adhering to these criteria, university IT will have effectively given itself more control over how BYOD is used. This isn’t inherently a benefit, however, one of the challenges of BYOD from a security perspective is permitting access to university resources, systems, and networks to a huge number of unchecked machines. Greater control over how BYO devices are used can help to bolster security.
This extends to accessing software on multiple devices, leaving apps open, etc. Greater control over all the aspects of accessing software that affect how many licenses are required can help with reducing licenses as well as removing bottlenecks and peak times.
Help students get as much out of BYOD as possible
Ensuring students are as educated as possible on how to use their university BYOD program helps to give them the best digital student experience problem and provide good return-on-investment for IT after implementing robust and expensive BYOD-capable technologies.
Be certain your students know which of their devices they can access university resources on, what limitations, if any, exist when it comes to access and make sure they know the best practices of how to use their machines to access university software through various delivery methods.
Reduce demand on support
An acceptable use policy should inform users as to which actions could result in issues for them, whether that be trouble accessing software or more serious security breaches. If students are educated on which actions to avoid taking, fewer issues will be encountered and less support will be required.
So, with the benefits of writing an acceptable use policy in mind, what should your policy cover in order to be effective?
- Devices permitted for use
- How to register devices and when you should register devices
- Security practices
- Where to report security concerns
- IT support available
- User responsibilities
- Consequences of misuse
Devices permitted for use
Include a section covering devices compatible with your BYOD policy. Provide an exhaustive list and information on how they can learn the details of their device, from model number to operating system. If there are any limitations based on device type, or if certain device types require users to launch apps or access resources differently, explain them specifically. If any devices are disallowed rather than incompatible, also list them specifically. It could also be worth providing some detail on why specific devices may or may not be compatible/allowed.
How to register devices and when you should register devices
Provide your students and faculty with all the setup information they need. Whether registration/setup steps are required by delivery technologies, or whether your particular policy stipulates devices must be registered with IT before accessing resources. Let your students know at which point a device must be registered before accessing university resources with it and if there any further specific steps they need to take to prepare their personal devices for BYO access.
As previously mentioned, the more educated on security practices your users are, the fewer security threats you can expect to encounter. You can also expect to see the demand on support decrease. This can help to make the difference between a successful BYOD rollout and an unsuccessful one. Keeping support needs as low as possible keeps IT staff members available to manage the rollout and the fewer challenges your users experience in the early stages of rollout the greater their acceptance of new methods of accessing software will be.
Where to report security concerns
Similarly, informing students where and how to report any security threats they face can help to manage any risks before they become an issue and to mitigate the chance of any security breaches going unnoticed.
IT support available
Give clear instructions on how your student should do about obtaining support, should they need it. This can help to manage the flow of support requests and, therefore, IT service desks’ workloads as well as avoiding any frustration users may experience. Avoiding frustration and ensuring students have a good opinion of/relationship with the delivery tools they launch apps with helps to keep rollouts and launches smooth and can help to improve ratings given to universities by students.
In good detail, make sure to let users know the actions they are responsible for taking and not taking. This might cover regular usage tips, such as ‘do not leave your machine unattended, unlocked or logged-in in a public space’ as well as covering a list of malicious actions to avoid. Do not leave anything to chance or even open to interpretation, wherever possible.
Consequences of misuse
Let users know what any consequences of misuse are. This will help to discourage anyone who might otherwise abuse university resources, decreasing the chance of security breach, and will also support any actions that may need to be taken by IT should a security breach occur.
Some useful & related reading...
A BYOD policy is the first step toward ensuring the success of any BYOD program, but what should these policies cover?
What are the risks of BYOD to IT security and what steps can be taken to mitigate any risks?
Which devices are most appropriate for BYOD and which are limited? Read our breakdown of devices for higher education BYOD policies.