Why & How To Create A BYOD (Bring Your Own Device) Policy For Your Flower Shop
What is a BYOD Policy?
A BYOD (bring your own device policy) governs the way personal devices are used in the workplace. For example many employers expect that smartphones are left in lockers or with other personal items until break times so that the employee is not distracted. Others will restrict the use of camera features - you might not want the production or storage areas of your shop making the rounds on social media. The policy also needs to cover the acceptable use of your internet connection, particularly prohibiting it from being used to access inappropriate/offensive material or illegal/pirated content. In recent news the producers of the film The Expendables 3 are pursuing the people whose internet accounts were used to illegally download the movie. They can't really go after the people that did the downloading so they're going after the people that provided them with internet access. You need to protect yourself and a BYOD policy is an important part of that.
Why do florists need a BYOD policy in their flower shop?
A large percentage of your employees are likely to have personal electronic devices like smartphones and bring them to work. It seems like a simple thing but these tiny devices are powerful computers, cameras, video/audio recorders, etc. With them comes the threat of lost productivity, unprofessional conduct, compromised security and more.
That means that the use (or misuse) of a personal electronic device could affect employment status. Doing the wrong thing with your device could get you fired.
As the employer you’ll probably know what that “wrong thing” is when you see it, but that isn’t enough. In fairness you should explain your personal device policy to your employees so that they can comply and, ideally, avoid any problems entirely.
That is the goal of a BYOD policy – to document the appropriate use of personal devices in your workplace. Some of the areas it needs to address are:
Productivity is a major concern. The time at work an employee spends on a personal device is largely time lost from the point of view of the employer. Sure – it might only take a few seconds to respond to a text, check Twitter, or post something to Facebook but when the device is always within reach all that time can add up. It is also true that people are generally not nearly as good at multi-tasking as they believe and the more time they spend flipping between work and their personal devices the less they are fully focussed on work.
Some employers have their employees place their devices in a locker but the real goal is to just get the device off their person so they can’t be checking it constantly. Instead they can retrieve it and use it on breaks.
Some employers are less strict and allow the employees to keep the devices with them but with the understanding that it won’t distract them from their work. Seemingly more lenient this can actually create more friction – if the employer sees the device coming out more frequently they have to start questioning the urgency and that can lead to resentment.
On the other hand personal electronic devices can, when used responsibly, also make your employees more productive. For example a mobile floral delivery app that helps your drivers complete their flower deliveries more efficiently and also sends out real time delivery confirmations (by email or text message, with a photo, driver comment and signature capture) is one of the most popular features in FloristWare. While some of our clients provide their delivery drivers with company phones, most expect the driver to have and use their own.
Your BYOD policy should address access to devices. Are they to be put away until breaks? Or can they be carried and used with discretion? If so what is considered appropriate use?
In a retail or service environment customers expect and deserve courtesy and attention. In years past customers would be frustrated when they entered a store and saw the employee paying more attention to a phone call or chatting with their peers. Today they are more likely to be put out by an employee that is too engrossed in their mobile device to look up and acknowledge them politely.
This is largely a generational issue. There is a generation of young people that will sit in a group of people and converse, while spending most of the time looking at their personal devices and carrying on simultaneous conversations via text message, etc.
Among their peer group this is commonplace and accepted, but a customer from a previous generation is likely to be appalled by an employee that is also engaged with their device. In fact any customer, regardless of generation, is unlikely to enjoy competing with a device for the attention of someone who is supposed to be helping them.
Your policy should explain what happens to devices when dealing with customers. If for example you allow your people to carry their devices you might specify that they never, ever come out in the public areas where employees interact with customers.
One aspect of protection is content. The internet delivers an almost infinite variety of content anywhere, but much of it is inappropriate to the workplace. One employee might use their device to access content that another finds offensive, and that employee could then accuse you of providing a hostile work environment. That means that in addition to specifying when your employees can use their personal devices at work you also have to specify what is acceptable on the premises. Just as you wouldn’t allow an employee to leaf through pornographic magazines in the lunch room you can’t let them access that same material on their devices.
Your policy should address the kind of material that you consider acceptable/unacceptable for your workplace. You can help enforce this and further protect yourself through the use of a content-filtering system (something that blocks access to certain types of content) but employees still have access to anything over their cellular connections. They have to know what is allowed and what isn’t.
The other consideration involves your network resources. If you are going to give employees access to your wi-fi network you really need to set up a separate guest account and restrict their personal devices to that. Otherwise you are potentially giving them access to files shared on your network.
Some of this scan be addressed through proper configuration of your network but again – make sure your employees understand the rules. Explain that if you are kind enough to let them use your internet connection they cannot under any circumstances copy or transfer any files that are on the network.
You also need to clarify that personal devices never get plugged into any of the computers on your network. It’s fine to plug directly into an outlet to power up but connecting directly to the machine via USB is simply too dangerous and can never be allowed.
Your personal device policy is likely to change over time. Be sure to keep your existing employees up to date so that they can comply.
You should also discuss it preemptively with potential hires. When, during the interview process, you talk about the position, hours, etc. you should also bring up the policy in broad strokes. Just saying something like “we have a pretty specific policy here regarding personal devices. You’ll have to leave any devices in your locker while you’re working. You can look at it during breaks, but you can’t ever use it to access or view inappropriate or offensive material here in the workplace. We’d be asking you to sign off on that policy before hiring you, and breaking that policy would be grounds for dismissal, so if you have any questions please ask them now”.
Elements of a Successful Flower Shop BYOD Policy
Once you have decided to implement a BYOD policy in your flower shop here are some of the elements you need to consider:
Don't Put Them On Your Primary Wireless Network
It's easy to just run one wireless network and put everyone on that put it is also very dangerous. Doing so gives them access to other network resources (like printers) and shared folders and documents. It could be very easy for them to read, modify and delete sensitive work files. It would be like using the wifi at a hotel and having access to their network and all the files on it. You can't do this!
Do Create a Guest Account With Limited Access
Instead of providing access to your primary account you need to set up a separate guest account that only provides access to your internet connection. This is easy to do with most wireless routers and it's a built in feature so it won't cost you anything!
Don't Ever Distribute The Password To Your Primary Network
Let's say you do put people on your primary network - you shouldn't but you do it anyway. If you distribute the password you have lost control because you have no control over who it is shared with in the future. If you absolutely must add someone else's device to your primary network you should enter the password for them and not let them see what it is.
Don't Run an Open (No Password) Network (even for the guest account)
This is essential whether you are using the primary network or the kind of special guest account mentioned above. Although the term password is commonly used wifi networks are really protected by something called a security key and it is used to encrypt all data that travels over the network. Without that much of the information travels as plain text and can be read by anyone within range. You need to protect yourself and the people that use your network by using an encrypted network and that can only be accomplished by using a password.
Don't Use Weak Security
When you are setting up your guest account you are allowed to choose from a number of different options. Make sure that you always choose WPA2 which, at this time, provides the best combination of security and device compatibility. It's true that some older devices might not be compatible but don't downgrade to an insecure standard like WEP because of that – the older devices will have to be replaced with more modern (and secure) versions.
Don't Mistake "Stealth Mode" For Real Security
You know how your mobile devices show you a list of the networks within range? That is made possible by something called SSID broadcast whereby your wifi router announces its presence to the world. Now - if you have ever looked at the settings for your router you have probably noticed that you can disable SSID broadcast (sometimes referred to as entering stealth mode). If you do it means that people won't see the name of your network on their devices without some extra work – instead they will have to enter the name of your network manually. It's easy to assume this provides some kind of safety (if they can't see me I'll be ok!) and ignore the other guidelines about guest accounts and passwords. Don't! Disabling SSID broadcast provides only the illusion of security and will not protect you from anyone who is interested in doing any real harm.