Device policies pertaining to smartphones and other technology tools continue to frustrate business owners as they try to balance their needs for security and functionality against employees’ rights to privacy and freedom. At some companies, loose “bring your own device” (BYOD) policies are giving way to stricter “choose your own device” (CYOD) or “corporate-owned, personally enabled” (COPE) policies.
CYOD: Their device, your data
A CYOD policy lets employees buy a device for combined personal and work purposes from an approved list of products. Generally, the employee owns the device with the business retaining ownership of the SIM card and any proprietary data. Many employers pay for the accompanying mobile plan. Sometimes, high-performance devices are made available only to “power users,” while employees with fewer tech-related job requirements must choose from lesser models.
Under a CYOD policy, you can:
- Ensure device compatibility with your systems,
- Require security protections on the devices, and
- Conduct ongoing security monitoring.
It also makes maintenance and support easier for your IT department, because IT staff will know exactly which devices they’ll need to handle.
Some employees may be unhappy with their choice of devices, which can undermine morale and productivity. Then again, many workers appreciate the improved functionality and flexibility of owning a device that connects them to work.
COPE: All yours
If you’re looking for even greater control and security, look into a COPE policy. They’re most common at large companies or those with heavy compliance burdens.
Here, you buy and own the device, which is intended primarily for business purposes. Most policies do allow for limited personal use — such as phone calls and messaging, approved non-work-related apps and some settings customization.
COPE policies are like CYOD policies in that you can configure employees’ devices for maximum security (including blocking certain features or apps and activating remote wipe capabilities). But they go one step further by minimizing personal use and allowing you to retain possession after an employee leaves the company. Another upside: Many employees will view an employer-provided device as a valuable perk.
One downside is you’ll incur higher costs in covering both the purchase price and mobile plans, though you may be able to lessen the hit through volume discounts. In addition, employees may have concerns about their employer-provided devices inevitably containing some of their own information. “Containerization” tools can help alleviate such worries by segregating business and personal data.
A matter of priorities
The right move for your company comes down to priorities. To tighten security and control costs, a CYOD policy may be a reasonable upgrade to an existing BYOD approach. But if you need absolute security, a COPE policy could be necessary.
Bear in mind that you can always customize a policy to best suit your needs. For example, you might apply different requirements to different departments based on the type of work performed and data accessed. Our firm can help you analyze the potential costs of any device policy and make the right choice.
© 2019 Covenant CPA
If you devote all your business’s security resources to fending off hackers and other cybercriminals, you may be unlocking the door, literally, to more basic types of theft. “Creepers” are criminals who gain access to offices or other physical facilities via unlocked doors and social engineering tactics. Once in, they steal proprietary information, inventory, computers and personal property, or gather information that makes it easier to hack your network.
Creepers in action
A major energy company’s Houston office was infiltrated by a creeper who’s believed to have stolen sensitive information, possibly to sell to a rival company or foreign government. Surveillance footage released by the FBI shows a man walking through an unlocked door in the middle of the night. He’s wearing office-appropriate clothing and moves confidently, like an employee who has a right to be there.
A Washington D.C. creeper also looked like she belonged where she didn’t. She walked into many supposedly secure government offices by chatting with employees outside the office, then following them through the door. When questioned, she claimed she’d left her badge at her desk.
In other cases, creepers use uniforms and props such as mops, toolboxes and clipboards to suggest they’re cleaners or that they work for building maintenance. They may wear stolen or forged ID badges, assuming that no one will examine them too closely.
To protect your business’s and its employees’ property, keep all doors locked, even during work hours. Issue keycards and photo-ID badges to workers and instruct them to be on the lookout for possible intruders. They shouldn’t automatically assume, for example, that someone wearing coveralls and carrying a ladder is authorized to be there. And they shouldn’t unlock the door for anyone — even if that person seems like an employee — unless they know for certain he or she is.
If workers are uncomfortable approaching a possible intruder, they should immediately report the person to your office manager, HR director or building security. The stranger in question may well be an authorized visitor, but it’s better to be safe than sorry. Also ask employees to report the presence of former employees, who sometimes are recruited to carry out corporate espionage.
Even if you don’t keep high-value inventory or electronics on the premises, install security cameras. And instruct employees to lock up purses and wallets and to password-protect computers whenever they leave their workspaces — even if it’s only for a few minutes.
Virtual vs. physical threats
Obviously, IT security must remain a priority for all organizations. But don’t let virtual threats blind you to the need to protect against physical ones. Contact us for help preventing fraud and other forms of theft.
© 2019 Covenant CPA
Today’s business technology is both powerful and restive. No matter how “feature rich” a software solution or hardware asset may be, there’s always another upgrade around the corner. In other words, it’s just a matter of time before your company’s next IT project.
When that day arrives, watch out for “scope creep.” This term refers to the tendency of a project’s objective (or “scope”) to gradually expand while the job is underway. As a result, the schedule may drag and dollars may go to waste.
A variety of things can cause scope creep. In many cases, too few users give input during the planning stage. Or misunderstandings may occur between the project team and users, obscuring the purpose of the job.
Excessive implementation time undoes many projects as well. As weeks and months go by, business processes, policies and priorities tend to change. For a new system to meet the needs of the business, the project’s scope needs to be executable within a reasonable time frame.
Ineffective project management is another common culprit. Scope creep often arises when a project manager underestimates the complexity of the tasks at hand or fails to adequately motivate his or her team.
5 steps to success
To stop or at least minimize scope creep, follow these five steps:
1. Distinguish “must-haves” from “nice-to-haves.” Draw a red line between the functionalities your business absolutely must have and any added features that would be nice to have. Schedule the prioritized requirements in the form of phased deliverables during the project’s life cycle. Add “nice-to-haves” to the final phase or, better yet, defer them to future projects.
2. Put agreed-on deliverables in writing. Use a Statement of Work document to clearly outline the stated project requirements. Be sure to cover both those that are included and those that aren’t. Have everyone involved sign off on this document.
3. Divide and conquer. Segregate the project into small, manageable phases. As it proceeds, continue to review and sign off on each phase as it’s delivered, following an adequate testing period.
4. Introduce a formal change management process. If someone demands a change, ask him or her to rationalize the request in writing on a change order form. Then analyze the potential impact, estimate the added cost and time, and obtain consensus before proceeding. Adhering to this step typically eliminates many low-priority demands.
5. Anticipate some scope creep. It’s a rare project, if any, that proceeds exactly as planned. Allow for some scope creep in your budget and timeline.
Improving your company’s technology should be cause for excitement and, eventually, celebration. Unfortunately, it too often brings anxiety and conflict. Tackling scope creep head on can help ensure that your IT projects go more smoothly. Our firm can help you assess the financial impact of any technology solution you’re considering and, if you decide to proceed, set a budget for the job. Contact us at 205-345-9898 or firstname.lastname@example.org
© 2019 Covenant CPA
One thing in plentiful supply in today’s business world is help. Orbiting every industry are providers, consultancies and independent contractors offering a wide array of support services. Simply put, it’s never been easier to outsource certain business functions so you can better focus on fulfilling your company’s mission and growing its bottom line. Here are four such functions to consider:
1. Information technology. This is the most obvious and time-tested choice. Bringing in an outside firm or consultant to handle your IT systems can provide the benefits we’ve mentioned — particularly in the sense of enabling you to stay on task and not get diverted by technology’s constant changes. A competent provider will stay on top of the latest, optimal hardware and software for your business, as well as help you better access, store and protect your data.
2. Payroll and other HR functions. These areas are subject to many complex regulations and laws that change frequently — as does the software needed to track and respond to the revisions. A worthy vendor will be able to not only adjust to these changes, but also give you and your staff online access to payroll and HR data that allows employees to get immediate answers to their questions.
3. Customer service. This may seem an unlikely candidate because you might believe that, for someone to represent your company, he or she must work for it. But this isn’t necessarily so — internal customer service departments often have a high turnover rate, which drives up the costs of maintaining them and drives down customer satisfaction. Outsourcing to a provider with a more stable, loyal staff can make everyone happier.
4. Accounting. You could bring in an outside expert to handle your accounting and financial reporting. A reputable provider can manage your books, collect payments, pay invoices and keep your accounting technology up to date. The right provider can also help generate financial statements that will meet the desired standards of management, investors and lenders.
Naturally, there are potential downsides to outsourcing these or other functions. You’ll incur a substantial and regular cost in engaging a provider. It will be critical to get an acceptable return on that investment. You’ll also have to place considerable trust in any vendor — there’s always a chance that trust could be misplaced. Last, even a good outsourcing arrangement will entail some time and energy on your part to maintain the relationship.
Is this the year your business dips its toe in the vast waters of outsourced services? Maybe. Our firm can help you answer this question, choose the right function to outsource (if the answer is yes) and identify a provider likely to offer the best value. Call us at 205-345-9898.
© 2019 Covenant CPA