Time to Update your Mobile Phone Policy?

Group of happy young multiethnic businesspeople standing in an office and using mobile phones

Corrata gives you some ideas about updating your organization’s mobile phone policy

Policies Designed for the Past

Today, most companies have some sort of policy covering mobile phone use. But in reality, many of these mobile phone policies date from an earlier era, one when mobile meant Blackberry or Nokia and most of what we routinely do with our phones today was in the realm of science fiction. What’s more, many policies were designed for an era of per minute or per megabyte billing for mobile services. 

Today’s Environment 

Mobile phones have become a crucial tool in carrying out everyday business operations. Employees can respond to emails on the go, join video conference calls at the touch of a button, and communicate with customers and partners overseas. Equally, employees today expect to be able to use their work devices to keep up to date with social media, to get routine personal cores done efficiently and for entertainment when they’re off the clock. Sometimes the lines between corporate and personal use start to blur. In these circumstances, its essential to provide clear guidance and make it easy for employees to do the right thing.   

Outdated Policies 

So, what should you include in a Mobile Phone Policy? We decided to do some research…we reviewed a range of mobile phone policies from a variety of enterprises. Not surprisingly, we found that for the most part they were, to say the least, a little outdated. Many stated that employees have to reimburse the company for every personal call made…really? A blanket restriction on using your phone to access non work content? In this day and age, most carriers provide unlimited call packages (at least domestically) and generous data allowances. Insisting employees use company phones solely for work purposes is a bit extreme…not to mention unrealistic and impossible to administer.

In response to this, here are some ideas about how you might update and tailor your existing rules and regulations around employee mobile phone use. Firstly, let’s look at what exactly is a mobile phone policy… 

What is a Mobile Phone Policy?

A Mobile Phone Policy is a written document that states the rules and regulations around employees using company mobile phones. A clear policy helps eliminate cases of device misuse, avoid excessive phone bills and reduce the risk of cyber attacks. However, a modern policy should also be fair and pragmatic, taking into account changing technology and the needs of the employee. 

Here are the key components that you should always include in a mobile phone policy: 

The Basics

Firstly, the business should outline the criteria for being eligible for a company mobile phone. Ideally this should be role based i.e. because the employee needs to be contactable outside office hours, works in the field or frequently travels. Seniority may be another reason for entitlement to a company paid for device – both a tool and a perk.  

A policy will state the role and responsibilities of the employee: keeping the device safe and secure, protecting all company information from third party access and prompt reporting of a lost or stolen device. In addition, the employee is responsible for complying with acceptable use policies. 

The quid pro quo is of course that employers have rights to monitor how employees use their device, to insist on employees avoiding excessive costs and to get the phone back when the employee leaves the company.

Modern Policy 

Device Replacements 

Innovation and technology are evolving so rapidly that the average life cycle for a mobile device has dramatically decreased. As a result, company devices need replacing more frequently than they did in the past (now usually every three years). A modern policy should outline procedures around mobile phone upgrades and replacements. This is important as it will ensure the security of your devices. It also avoids ‘special pleading’ by employees who are desperate to have the latest device! 

Personal Usage

Arguably one of the most important sections (and the most outdated in company policies) is the clause which explains what the device can and cannot be used for. Yes, companies should outline that employees should primarily use the device for work related activities. Companies should be specific and explicit so that employees understand what is considered ‘unacceptable use.’ 

Unacceptable use usually includes: excessive personal use, browsing websites considered to be not ‘work appropriate’, and accessing websites that pose security risks to the device or company data.

However, a modern policy should allow appropriately limited personal use. We live in an age where friends and family expect to be able to reach us at any time of day. A quick phone call here or there should be acceptable. On the other hand, spending an hour a day on the phone on expensive calls to your relatives overseas is a different story. Likewise, employees need to take particular care when roaming in high cost locations. Companies should clearly state regulations around international calls (non work related by exception), use while abroad (only essential non work related) and dialing premium phone lines (never).

Data Usage

Internet and data usage is another aspect of the policy that companies need to reassess. Texting has now been largely replaced by free instant messaging services such as Whatsapp, Viber, iMessage and Facebook Messenger. It would be unreasonable to ban employees from all communication platforms. 

However, we know that 75% of data consumed by employees is non work related. Only specialised applications (e.g. a TV reporter uploading video footage) use more than one gigabyte of data a month. So there’s a strong argument for giving each employee an individual data allowance (say 4 GB). Employees can get the work done but still have plenty of headroom for personal use. To keep data levels down, employers may want to consider blocking access to high bandwidth streaming services such as Netflix, Hulu and Amazon Prime on cellular.

apps used for social media phishing

The Importance of an Up-to-Date Company Policy

It is important that companies align their policy with today’s workplace, technology and service plans. There is nothing worse than a policy that is honoured more in the breach than the observance. When policies are clearly outdated they become discredited.  And once discredited it’s a free for all. And, what’s more, once employees begin to ignore phone policies, they are more likely to disregard compliance regulations in really important areas such as health and safety, financial probity and workplace harassment. 

Having a policy in place creates safe and secure standards around mobile phone usage. It equally helps create a culture of respect and trust. Management should refer employees to the company policy and update when necessary. Employees are much less likely to exploit company devices if the company enforces a fair mobile device policy. 

Technology to Support Compliance

But we also need to make it easy for employees to comply. For example, in relation to internet usage, how can an employee tell how much data they are consuming on their company device? This is where solutions like Corrata can greatly benefit companies. Corrata’s software enforces limits on non business use, applies more restrictive policies when roaming, blocks access to inappropriate content and prevents phishing and malware attacks. This gives the employee peace of mind that they won’t cause problems for their employer or lead to any awkward conversations with their line manager. Corrata allows enterprises to strike the right balance between the need for control and the need for flexibility which modern life demands.   

Related Resources

Related Resources

Read the latest news on enterprise mobile security direct from the specialists.

Read the latest news on enterprise mobile security direct from the specialists.