Join The NonProfit Times: or Become a member

Subscribe: Print Publication or Newsletter

Stay connected.
Stay informed.

BYOD: “Bring Your Own Device” Is A Growing Trend

By Mark Hrywna - July 1, 2013

The average person today has 1.2 personal electronic devices. OK, that’s a completely made up statistic but you have to admit everyone seems to have at least a smart phone or tablet computer – and many have both.

The device in your pocket has as much capability and power – if not more – than Apollo 11 so it shouldn’t come as a surprise if employees want to use their personal devices for business. But it’s not quite so simple as saying, “Sure thing, have at it.” Accessing your nonprofit’s system — and data — can be tricky, if not dangerous.

“The top tier of technology that used to be the realm of IT is now everywhere,” said Darren Schoen, director of technology infrastructure at the Broward Center for Performing Arts in Fort Lauderdale, Fla. “Users expect to have everything everywhere because they can with their own personal stuff,” he said, pointing to cloud services such as iTunes, Dropbox and Google Drive.

Bring Your Own Device (BYOD) is a growing trend. “It’s coming. It’s not if but when we have that conversation,” said Schoen. “As devices become more powerful, you’re going to have to deal with it. Pretty much everyone is going to have them eventually.”

Schoen likes to ask this question. Imagine losing an iPad with your entire donor database on it: Would you be worried that someone could get that information? “If your answer is yes, that is why you need to be worried about security and safeguards,” he said. Data could include credit card information or intellectual property. “Any data that is sensitive that you would not feel comfortable emailing to your entire contact list – friends, family and competitors – if you’re worried about that, you need to be worried about BYOD and security, he said.

With IT sprawled the way it is, Schoen said, “we can only patch the dike so many places. Unless we’re draconian in our policies, there is going to be some risk with any device coming onto your network.”

Schoen, who presented a session on BYOD at the annual Nonprofit Technology Conference (NTC) this past April, preaches getting buy-in from the top down, and one selling point is the risk of allowing devices onto a network.

“With more money we take in, the more compliant we have to be,” Schoen said, whose organization is annually generating about $32 million. “We’re one of the busiest venues in the world for our size. Are we willing to say, because someone lost their phone, we lost 100,000 credit card numbers?”

No devices are allowed on the network at the Broward Center. “That’s what I’ve done, how it’s worked very well for us,” Schoen said. Email access is provided for all devices because of Broward’s extensive filters, and a remote connectivity app allows users to connect from a home laptop or tablet. “We still have preserved our network security, yet still giving options to our users,” he said.

If an employee wants to use their device, Schoen suggested having them agree to install an app that can be used to wipe the phone of any organizational information or data, if necessary. “BYOD may be becoming expected, but we should not be expected to support every single thing about their devices,” he said.

Staff will not get anything because the risks are too great unless they sign the policy, said Schoen. It also can help set expectations. “A lot of times, people won’t freak out if you tell them we’ll only delete company data on your phone. That’s all we have access to. A lot of times people are going to take that much better than if you say, ‘We’ll wipe your whole plan,’ then it’s like a Big Brother, perception thing,” he said. The policy is your foundation for implementing BYOD and risk, regulation, privacy and infrastructure will be your guide, said Schoen.

Years ago it was easy to regulate devices with Mobile Device Management (MDM) because virtually all of them were company owned, Schoen said. But in some places, employees use their own devices, which might prompt a look at Mobile Application Management (MAM). MAM allows for a remote wipe of a device, or parts of a device, in case it’s lost or stolen.

Pioneer Resources in Muskegon, Mich., distributed a BYOD policy to staff explaining the organization’s need to be able to control corporate stuff like email on personal phones, including wiping someone’s phone if necessary.

There was some immediate pushback from staff. “We’ve had some people who refuse to sign up and want more documentation about what exactly we’ll be able to wipe,” said Susan Dennison, finance director at Pioneer Resources.

Privacy and security restrictions around the Health Insurance Portability and Accountability Act of 1996 (HIPAA) also can pose other issues for BYOD.

Pioneer Resources provides services, housing and training to people with disabilities, with its annual budget of about $7 million derived primarily from government contracts. Pioneer Resources has a staff of about 250 people, with supervisors already enacting BYOD policies within their departments about organization emails on personal smart phones. It has more than a dozen different off-site locations, in addition to a lakeside camp with 27 buildings.

The organization recently issued two tablet computers, set up with email and Internet access, to maintenance staff who work within the numerous buildings and properties. Tablets will allow them to exchange photos of parts or damage, as well as issue or complete work orders. The tablets were easier to use, as well as cheaper than buying laptops, Dennison said.

“There was the cost but also what they need to do with it,” she said. A property management app will let them pull information into a database and eventually allow a concise information exchange, creating a work ticket and feeding it into a database while also feeding work orders to staff.

“It’s definitely a work in progress,” said Richard Wollenberger, director, information technology at Parents As Teachers in St. Louis, Mo. He revised his organization’s BYOD policy last year, splitting it in two, for personal devices and company-owned devices.

The BYOD policy makes clear the minimum requirements of personal devices that connect to its system (only those that connect with Microsoft Exchange Active Sync), as well as an agreement that the organization can wipe from the phone under certain circumstances.

“We want to be proactive about who’s connecting to our system,” Wollenberger said, adding that he’s found free tools that can show what devices are connected to its systems. “We have a fairly good control method to who accesses the system,” he said. “We’re a lot less formal than other organizations are or need to be about it,” he said.

Parents As Teachers has 60 staff, with all but three working in one building in St. Louis, Mo., along with two employees in Minnesota and another in Seattle.

Parents As Teachers had a combined policy that encompassed company-owned phones as well as personal, but Wollenberger split the policy last year after company-owned tablet devices raised a different set of issues. It was updated again this year to include the new version of Blackberry software that the organization previously did not support.

“The point here is to protect our system and to do it as politely as possible,” said Wollenberger.

But even at small organizations, there can be costs to giving monthly access to staff, which employees might not be aware of, according to Wollenberger. Of 21 devices connecting at Parents As Teachers, 17 are personal devices and only four are issued by the charity. Other than the tool he’s used (Meraki), those have a cost per device to connecting each month.

“How do I manage the cost? Why should I be budgeting money each month to give you (staff) unlimited access to our stuff?” If it’s just for convenience, you pay the monthly fee; but people aren’t aware of the monthly cost.

At larger organizations with hundreds of employees, that type of cost likely would have to be a work requirement, with the company paying for it, Wollenberger said.

“The key is educating non-IT people about the importance of security. Do that and the risks go way down. If they take ownership of that problem, the risks go way down,” Wollenberger said. But there’s no way to do it without some level of risk. “It’s never going to be 100 percent,” he said, but it’s about ease of use, administration and teaching users why it’s important.

Schoen warns against getting locked into a MDM or MAM plan. “There’s a whole host of MDM, MAM things coming out,” said Schoen. “The space is changing so quickly right now because it’s such a concern for so many organizations.”  NPT

Podcast_forHub_500x500

Sponsored Podcasts

Welcome to the Raise & Engage podcast, a filters-off series for nonprofit professionals hosted by Blackbaud's straight-shooting expert Danielle Johnson Vermenton. During this open-mic session, you’ll hear honest advice to help YOU do more for your cause.

Episode 6: The Power of ‘No’ at Work|| daniellejohnson-76

You have a job description, but on any given day, you're probably doing dozens of things outside the scope of that description. Combine that with the challenge of a fast-paced environment and the shifting priorities of funders, colleagues, and board members and it’s easy to fall short of doing your best. By being mindful of your limitations and capacity—and saying “no” when your plate is full—you can actually do more for your cause. In the sixth installment of the Raise and Engage podcast Danielle Johnson and Robin Anderson discuss the power of saying “no” at work.

Episode 5: Professional Development: Getting Un-Stuck|| daniellejohnson-76

In the most recent episode of Raise + Engage, Danielle is back with Brian Reich from little m media to discuss how nonprofit professionals can stay motivated and energized in their day-to-day roles. Brian shares his experience working with nonprofits and the lessons and tips he's learn from and shared with them over the years, including tips for avoiding a professional rut, creating forward momentum in your career and pushing yourself outside of your comfort zone. If you're considering making a career move or want to ensure you're on the right path, you won't want to miss this inspo-packed episode!

Episode 4: Apps and Hacks to Stay (Mostly) Sane || daniellejohnson-76

Episode 4: Apps and Hacks to Stay (Mostly) Sane, is all about tips, tricks and tools for sanity. Blackbaud’s own interactive product marketer, Julia Lenz, joins host Danielle Johnson to share some high tech. (and no tech.) productivity tips to help nonprofit professionals stay sane in the crazy world of philanthropy.

Tune in to hear:

  • Tips for how to spend the first 30 minutes of your day
  • The benefits of 15 minute meetings
  • Why notebooks are still relevant to a successful organization
  • Ideas for better managing your inbox
  • Why you should take lunch outside the box
  • ...and much more!
Don’t forget to visit the #NoFilterNonprofit Hub afterwards to download our newest tip sheet10 Productivity Hacks for Nonprofits.

Episode 3: Tech. Connection: Solutions, Strategy, and Staff || daniellejohnson-76

Episode 3: Tech. Connection: Solutions, Strategy, and Staff In episode 3 of the Raise + Engage podcast, Danielle Johnson is joined by Chris Geady and William DaSilva, two IT experts in the nonprofit space, to talk technology integration for NPOs: when you need it, when you don’t, and how to do it successfully.


Tune in to hear:

  • When to say NO to integration
  • How to set your strategic plan before even looking at technologies
  • Ways to get your entire team on board
  • The importance of identifying a project lead
  • The RFP process - how it should and should not go
And William shares a story about a nonprofit that may or may not have still been using a typewriter. You don't want to miss this one!

Episode 2: From Socially Awkward to Socially Awesome! || daniellejohnson-76

According to Danielle Johnson, straight-shooting host of the Raise + Engage podcast series, if your staff members aren’t the number one advocates for your cause on social media, you’re failing. In the most recent episode, Danielle is joined by Blackbaud’s own social media guru Madeline Turner to discuss overcoming social struggles and creating a social ambassador program at your organization. This entertaining and insightful duo dishes on the importance of making your social media presence human, making the case for a formal social program to leadership, how University of Michigan turned a one time social media campaign into a long term social program, and how Madeline's mom unknowingly became a social ambassador on #GivingTuesday.

Episode 1: Corporate Culture & Development: Shake It Up! || daniellejohnson-76

In the premiere episode of Raise & Engage, Danielle is joined by three straight-shooting nonprofit rock-stars: Jodi Smith of Sanford Health Systems, Veronica Brown of Chicago Public Library Foundation and Ali Burke of Southlake Regional Health Centre Foundation. The group talks organizational culture, problem employees, why its important to celebrate and how to shake things up this year and build a better more authentic team that gets stuff done!

Newsletters

Stay informed, catch latest trends in the nonprofit space.

Subscribe to Our Free Newsletter

No obligation, unsubscribe at anytime.

Success! Check your email inbox.

Follow Us On Twitter

NPT 2016 Buyers' Guide

Newsletter Sign-up



click here to return to the previous page