BYOD, or “Bring Your Own Device” is a phenomenon that is currently the rage in many companies. But it could completely derail a business purchase.

BYOD is where an employee uses their own mobile phone, tablet or laptop to access company email, data, networks or applications. It it perceived to allow the employees to be more productive and responsive by accessing job related information and applications on their own device, which they have with the all the time. Companies perceive BYOD to be a way to spend less on hardware for employees.  Everybody wins? Right?

BYOD can be a necessity for small businesses that need to deploy scarce capital for product development. They simply can’t afford spending those resources on phones, and other devices even though they are needed to run the business. BYOD can be a positive for larger companies in terms of impact to budget, improved customer response time and better data for real-time decisions.

What about BYOD when it comes to a business purchase?

When it comes time to purchase  a business, what should an acquirer be looking for reading BYOD that could create problems in the deal?

Here are 5 areas that an acquiring company should consider when it comes to BYOD concerns.

1. Access to company systems

BYOD means that employees are able to login to corporate systems easily. Systems such the payroll or accounting system, maybe your sales or customer applications like salesforce. This includes access to corporate websites for monitoring and publishing content or social media posts. Many employees setup their devices to remember login id’s and passwords so that they don’t have to login to a service overtime they check it. This means that if there phone is stolen and unlocked, the thieves could potentially access those corporate accounts in the same way the employee does.

2. Confidential data

BYOD offers access to corporate systems. This means that for some applications you can download data that may be confidential to the company. Email attachments such as sales reports or contracts, files that are accessed from corporate data servers and documents and spreadsheets can all be stored locally on employee devices. Companies that have intellectual property records and documents would need to pay special attention to this.

3. Customer records

BYOD brings a big advantage to employees for dealing with clients and prospects. By having access to up-to-date, real time customer data and records the employee is able to have more relevant conversations with the client or prospect. This access can help close deals and increase revenue. However, if the device were lost or stolen this same customer data could be available to perpetrators. Corporate data breaches are now commonplace and very expensive.  Acceding to the 2015 IBM Cost of Data Breach Study the average consolidated total cost of a data breach is $3.8 million.

4. Departing employees

Acquiring a business sometimes means existing employees are re-assigned or let go, and some may choose not to stay with the new owners. Acquirers needs to carefully analyze the BYOD impacts of a departing employee. Make sure their access is removed and any locally stored data, or copies of data are deleted. Otherwise they could be walking out the door with the keys to the kingdom, or at least part of it. This is a particularly crucial step for departing IT system administrators. They usually have capability in their access to have full control over systems, data or servers. It is imperative that these aspects be clearly walked through for any departing IT or software development employees.

5. BYOD policy mismatch

Prudent companies use BYOD where it makes sense and helps the company objectives. Part of this prudence is spelled out in the BYOD policy the company should have. These policies should try to balance  employee access and convenience with liability and privacy concerns. The acquiring company needs to investigate the policies in place and determine if they are compatible with their own current practice. If not changes will need to be made, communicated, trained and enforced as part of the transition.

Conclusions

These are some of the basic impacts. Certain businesses may have additional concerns when it comes to HIPPA, manufacturing controls and other specialty applications. It is important to consider these aspects in the deal making phase and investigate them thoroughly during due diligence so that deal risks and impacts are known. An acquirer may need to enlist the services of an IT professional to fully investigate the risks and sues. Knowing before the deal is signed helps make the best decision possible.