For financial services firms, ensuring compliance and security is paramount. Technology decisions play a key role in keeping firms safe. This includes technology choices such as the decision to go with a Bring Your Own Device (BYOD) or Choose Your Own Device (CYOD) policy for mobile devices.
Learn the pros and cons of both BYOD and CYOD approaches, why financial firms should move toward CYOD, and how to implement the policy in your firm.
CYOD vs. BYOD: Pros and cons
Mobile devices have become critical to keeping employees productive. According to the recent Maximizing Mobile Value study by Oxford Economics and Samsung, 57% of employees say mobile devices are now essential to their job.
With a BYOD policy, an employee purchases and controls a phone or other mobile device of their choosing. This means the employee is responsible for making necessary security updates to the device and has the ability to access potentially vulnerable personal applications.
With a CYOD policy, an employee chooses a device from a short list of options provided by the company and shares responsibility with their employer. They can run personal applications but often only through a separate profile or container.
Companies that rely on BYOD as the centerpiece of their mobile strategies are missing out on the opportunity to increase productivity and address privacy concerns with secure containers. The latter can appeal to the 57% of workers who prefer to have separate spaces on their phone for work and personal use, according to the Maximizing Mobile Value study.
CYOD policies are also helping companies improve employee retention. As employers struggle to retain talent, companies that issue devices were more likely to have an annual turnover rate of below 10% (51% vs. 37% for BYOD organizations), the study found.
The value of establishing a CYOD program
A firm’s management may believe letting employees carry their own devices will result in cost savings. But for most organizations, adopting BYOD policies results in only modest savings in the total cost of mobile enablement for employees.
For example, firms that issue mobile devices to employees via CYOD report the highest cost comes from the monthly recurring expense of cellular voice and data plans. According to the study, this costs an average of $42 a month, or $504 a year, per employee for a 250-line mobile plan.
But the same study found that organizations operating a BYOD policy are taking on similar monthly costs in the form of mobile stipends paid to employees. In 2022, the average monthly stipend paid to employees was $40.20.
Yet, when it comes down to deciding which mobile policy to implement, the biggest influence continues to be the balance of cost versus value. While cost is a clear driver behind most organizations opting for a BYOD program, it’s also dependent on the value that mobile devices can provide to the overall business. Organizations choosing their own devices are looking for a mobile approach that provides benefits such as improved productivity, easier management, and improved security. For example, 63% of employer-provided smartphone (EDP) organizations say mobile devices are critical to overall business agility and decision-making (compared to 56% for BYOD organizations).
Compliance and security
Opting for a BYOD program puts more responsibility on employees — including for critical compliance and security measures. Will workers regularly install the appropriate security patches? Will they protect their devices with passwords or biometric authentication?
In a BYOD environment, businesses depend on employees to make the right choices for the company’s security, which can lead to compliance headaches. For example, in 2022, 16 financial firms were fined a combined $1.8 billion after employees discussed business deals and security trades on their personal devices, violating regulations around preserving business communications.
Phones issued in a CYOD program let financial services firms ensure configurations, security, and repair procedures are standardized. With an enterprise mobility management (EMM) or mobile device management (MDM) system, firms can monitor devices remotely and push regular updates through to ensure apps and security patches are up to date.
As employee property, a BYOD phone carries different rules and expectations. Though the firm can ask employees to install an MDM client on their phone, employees may resist company monitoring or limitations when using a personal device.
Other cons of BYOD include increased complications in deploying business apps — due to multiple operating systems and device models — and reduced business agility and customer service availability.
With corporate-liable devices, companies gain greater control over data, apps, and how employees use the devices. With these corporate controls implemented, companies can ensure security protocols are up to date.
What's next for the future of finance?
The defense-grade Samsung Knox security platform is built to protect mobile devices out of the box from the chip up. The optional Knox Suite offers a complete set of tools to secure, deploy, and manage your enterprise’s device fleet including Knox Platform for Enterprise, a solution for secure containerization of work and personal data. Organizations can also take advantage of Knox Configure, a cloud-based solution with advanced configuration tailored to user experience, enabling you to customize every device and display your own brand.
To be sure, it’s possible to manage devices and applications in the BYOD model, but it requires a careful balance. The company’s BYOD policy should clearly explain the requirements for personally owned devices, which applications are allowlisted or blocklisted, and how the company will use EMM to manage the devices.
How to implement a CYOD policy
Samsung recommends an eight-step model for implementing CYOD devices based on 20 years of working with enterprises worldwide on mobility and network security projects. Highlights of the eight steps include:
- Get executive buy-in. Though mobility usually falls to the IT group to implement, the real direction of a CYOD policy must come from the top of an organization. Having an explicit agreement with a firm’s management team on strategy, investments, priorities, and success metrics will help alleviate conflicts on timing and resource allocation.
- Get your policy right. Put a CYOD policy in place to cover what devices and carriers you will use, who is participating, and how much will be paid by the company. A policy should also clarify end-user responsibilities, including expectations for users, what to do if a device is lost or a user leaves the organization, privacy expectations for both sides, and security management settings.
- Get infrastructure up and running. Before deploying devices, put your security and management infrastructure in place. The three infrastructure areas that need attention are MDM/EMM, end-point security, and application delivery controllers.
- Review and revisit the mobility plan. Once a CYOD program is in place, built-in checkpoints let a firm evaluate successes, failures, and needed changes. Plan to speak with application developers, line-of-business managers, end users, and IT teams every 12 to 14 months.
How Samsung can help
We understand the challenge of enterprise mobility. Beyond our portfolio of smartphones, tablets, wearables, and laptops, we offer a broad range of device management solutions to help you plan and execute a CYOD initiative. For example, Samsung provides an affordable, cloud-based EMM solution called Knox Manage, which allows you to manage Android, iOS and Windows 10 devices.
For financial services firms, CYOD policies teamed with a strong technology partner bring clear advantages in increasing adherence to compliance and security requirements.
For a full overview of all Samsung technology solutions for the Finance industry, please visit this page. And sign up for a Samsung Business Account to get exclusive offers, including volume pricing discounts, on our newest devices like Galaxy S23 series, Galaxy Z Fold4 and Galaxy Z Flip4.