Devices & Working Anywhere

Using Your Own Devices (BYOD)

Foundational

If you ever use a personal phone, laptop, or tablet for work — email, chat, documents — that device now touches company and customer data, and a few rules apply. The safest default is to use company-managed devices for work; where personal devices are allowed, keep them secure and keep work data inside approved apps.

Personal devices are convenient but riskier: they're not managed or protected the way company devices are, they're shared with family, and they leave with you when you leave. The concern is company and customer data ending up on a device we can't secure, wipe, or account for. Many organisations limit BYOD for exactly this reason.

Follow the company's policy on what you may do on a personal device. Where it's allowed, the rules below keep work data protected; where it isn't, use a company device.

Keep personal devices safe for work

DoFollow the company BYOD policy — only use personal devices for work in the ways it permits, and enrol them in any required management/security.
DoSecure the device: screen lock, encryption, up-to-date OS and apps, and a strong passcode/biometrics (see Your Devices & Updates).
DoKeep work data inside approved work apps, not scattered into personal email, photos, cloud, or notes.
DoDon't let family or friends use a device that has access to work systems or data.
AlwaysUse your own individual work login on a personal device — never a shared account (see Never Share Accounts or Logins).

Don't let work data leak onto personal devices

DoReport a lost or stolen personal device that has work access immediately, so access can be revoked / work data wiped (see Report It).
DoRemove work access and data from a personal device when you no longer need it or when you leave.
NeverSave or copy customer/company data into personal apps, storage, or backups on a personal device (see Handling Customer Data).
AvoidDoing sensitive work on a personal device in a less secure setup when a company device is available and more appropriate.

Ask yourself

AskDoes the policy actually allow what I'm about to do for work on my personal device?
AskIs the device secured (locked, encrypted, updated), and is work data staying inside approved apps?
AskCould anyone else using this device reach work data?
AskIf I lost this device, could work data be wiped — and would I report it fast?

Why it matters: Personal devices are outside the protections we put on company hardware, so work and customer data on them is harder to secure and easy to lose track of. Keeping to the BYOD policy, securing the device, and keeping work data in approved apps means convenience does not turn into a leak.