Among companies of all sizes, the practice of allowing employees to "bring your own device" (BYOD) is becoming more commonplace. For executives at midsized firms, though, the first impulse might be to reject a BYOD policy. After all, midmarket companies do not have IT departments as deep as those at large companies, which can often handle the wide variety of laptops and mobile devices that employees bring. The concerns about business effectiveness, along with network and data security, will naturally give midmarket executives pause.

A central part of a BYOD policy should be implementing security features on the user end.

However, with the right policy in place, a midsized firm can leverage the advantages of having employees use personal devices for business. These include cost savings, frequent technological upgrades and employee satisfaction. Regarding cost, many corporate BYOD policies require employees to pay for the services on their devices. Businesses get almost no resistance because employees use the device predominantly for their personal affairs. With the price of service and data plans generally falling between $70 and $120 per month, savings are indeed significant.

Further, because employees often upgrade their personal devices every two years and frequently allow software upgrades, companies can benefit from consistently robust performance without having to implement their own hardware and software upgrades. And when employees are using the devices that they prefer, the work experience becomes simpler and more enjoyable, thus enhancing job satisfaction.

Organizational Setup

The first consideration when creating a BYOD policy is to establish who at the company is eligible for the program's privileges. One option might be to allow BYOD for any employee who spends 20 percent or more work hours away from the office. Alternatively, a firm could dictate that only sales and marketing personnel, plus all department heads and executives, are eligible for BYOD. The decision is unique to each firm depending on its primary function, size, structure and culture. The size of the IT department and its ability to monitor security and troubleshoot problems are other considerations that should dictate the scope of BYOD eligibility.

Next, companies must enact measures to secure any device-stored proprietary data and defend the firm's network from intrusion by those who gain unauthorized access to an employee's device. Furthermore, issues such as browsing work-inappropriate sites on the firm's network, as well as the use of social media channels, must be addressed in order to protect the company technologically and legally. A firm's BYOD policy must outline the rules of engagement and dictate minimum security requirements in the form of required software applications. Without compliance, devices cannot connect to company resources. Additionally, because some employees will prefer iPhone products while others prefer Android, a midsized firm's IT personnel must become familiar with how security tools are configured on each type of device.

BYOD in Practice

At this point, IT personnel and BYOD-eligible employees need clear guidance on how IT will address situations such as fixing broken personal devices, offering loaner devices during repairs and troubleshooting problems as they arise. Will IT personnel address only issues with email, calendar and network connectivity, or will they help with all device malfunctions? Either way, these time-consuming situations will offset some of the BYOD-related cost savings previously mentioned, but shouldn't be so onerous as to preclude BYOD at a company.

One highly advisable security protocol to include in a BYOD policy is the mandatory use of lock screens and strong alphanumeric passwords, which prevent one-swipe access to device content and functions. Some employees might find this tedious at the outset, but it must be enforced to protect the company's networks and data. Another recommendation is to prohibit cloud services that are not supported by the company for business purposes. For example, companies can require that proprietary data be stored on company servers and not Dropbox.

Perhaps the most critical aspect of a BYOD policy is the company's insistence that personal devices be subject to "disable and wipe clean" protocols in the event of theft or loss, and "examine and wipe clean" actions in the event that an employee leaves the company. For the former, IT personnel will take remote control of a missing device to permanently disable it and erase all data from its memory. Employees should back up their personal data and photos in the cloud on a regular basis to prevent loss. For the latter, outgoing employees should present their device to IT personnel so that it can be inspected and purged of company data and connections. Firms should have employees agree to these stipulations in writing at the start of their BYOD eligibility.

Does your company allow employees to use portable devices such as smartphones, tablets and laptops? What safeguards do you have in place to handle device theft or loss? Tell us by commenting below.

Rob Carey is an NCMM contributor and a features writer who has focused on the business-to-business niche since 1992. He spent his first 15 years at Nielsen Business Media, rising from editorial intern to editorial director. Since then, he has been the principal of New York-based Meetings & Hospitality Insight, working with large hospitality brands in addition to various media outlets. Circle him on Google+.