ÃÛÌÒÓ°Ïñ

Bring Your Own Device (BYOD) Policy

Overview

Bring your own device (BYOD) is the act of using a personal computing device (computer, tablet, phone, etc.) for work- or business-related activities. ÃÛÌÒÓ°Ïñ (ÃÛÌÒÓ°Ïñ) does not require employees to use self-purchased devices for business operations. Employees who wish to use personal devices must abide by the policy outlined below. ÃÛÌÒÓ°Ïñ is not responsible for the purchase or costs associated with the use of personally owned devices. In response to an increase in personally owned devices being used in the work environment, ÃÛÌÒÓ°Ïñ has established an official Bring Your Own Device (BYOD) policy.

Purpose

This policy applies to employees, faculty, student workers, and any other user who utilizes the network or computing resources provided by ÃÛÌÒÓ°Ïñ for business-related usage via a personally owned device such as:

• Computers: Desktop and Laptops
• Portable storage media: USB storage devices, flash memory cards, CD/DVD ROM
• Mobile devices: Mobile smartphones, tablet computers

Policies

ÃÛÌÒÓ°Ïñ allows staff and faculty to be able to purchase and use their own smartphones, tablets, laptops, or other mobile devices of their choosing to perform work related duties while on campus or at home for their convenience. ÃÛÌÒÓ°Ïñ reserves the right to revoke this allowance if employees do not adhere to the policies and procedures outlined below.

This policy is intended to protect the confidentiality, integrity, and availability of ÃÛÌÒÓ°Ïñ’s internal or sensitive data and its technology infrastructure. ÃÛÌÒÓ°Ïñ’s data classification guidelines provide more information on what constitutes internal, confidential, and public data.

ÃÛÌÒÓ°Ïñ Data Classification: /panthertech/policies_classification.php

ÃÛÌÒÓ°Ïñ reserves the right by request and upon an approved security evaluation to provide limited exceptions to this policy to grant variations in devices and platforms.

No matter the device in use, all ÃÛÌÒÓ°Ïñ students, faculty and staff must abide by ÃÛÌÒÓ°Ïñ’s Acceptable Use Policy.

ÃÛÌÒÓ°Ïñ Acceptable Use Policy:

Security Requirements

• Information classified as Confidential or restricted by any laws or regulations should not reside on the personal device.
• Classification: /panthertech/policies_classification.php
• ÃÛÌÒÓ°Ïñ ITS encourages the use of Microsoft OneDrive as a cloud storage and file sync service that is secure, supported, and encrypted for use with internal and confidential data. ÃÛÌÒÓ°Ïñ email, along with any personal email, is discouraged for use in sending and receiving internal and confidential data.
• All mobile devices such as laptops, tablets, smartphones (iOS/Android), or USB-connected drives and devices used to view, process, or store ÃÛÌÒÓ°Ïñ internal or confidential data must be encrypted.
• Most modern smartphones are encrypted by default, but many laptops are not. ÃÛÌÒÓ°Ïñ Information Technology Services (ITS) recommends Microsoft BitLocker for Windows and macOS FileVault for Mac and Apple computers and devices. Please check /panthertech/pcinfo.php for the latest information.
• All mobile devices used to view or process internal or confidential ÃÛÌÒÓ°Ïñ data must have the ability to be remotely wiped in case of loss, theft, or ÃÛÌÒÓ°Ïñ ITS detecting a data breach and exfiltration of ÃÛÌÒÓ°Ïñ internal or confidential data.
• To prevent unauthorized access, all devices must be password protected using the device’s features; a strong password is required to access the ÃÛÌÒÓ°Ïñ business network.
• The computer should lock itself with a password or PIN if it is idle for 15 minutes or more; 2 minutes or more in the case of a mobile device.
• All due diligence must be used to separate personal use from work use on the same device or across devices. One of the best ways to accomplish this is to create and use a separate user account for work purposes only. If a separate account cannot be created for work use, then maintain separate web browsers for work and personal use. Do not sync a personal web browser account with a work account or devices.
• To prevent attacks and weakness vulnerabilities, all BYOD devices should have developer-supported operating systems with all security patches installed. Please check /panthertech/pcinfo.php for the latest requirements.
• To prevent malware and attack vectors, all devices should have anti-malware software installed. Please check /panthertech/pcinfo.php for the latest requirements.

User Responsibilities

As a user of ÃÛÌÒÓ°Ïñ resources, you have the following responsibilities:

• You are responsible for all traffic originating from your networked devices.
• You are responsible for abiding by all applicable laws set forth by federal, state, and local governments.
• You are responsible for protecting your privacy.
• You are responsible for not violating the privacy of others.

Devices and Support

Technical Support for personally owned devices is limited to the following:

• Troubleshooting network connection issues while on the campus network.
• Troubleshooting and installation of approved ÃÛÌÒÓ°Ïñ software resources.
• Configuration of email clients for connection to the Panthermail (Outlook) system.
• Configuration of the SSL VPN client to allow approved access to secure resources.
• Providing software application support if the software is required to perform job functions as determined by the ÃÛÌÒÓ°Ïñ ITS department.
• Users must notify ÃÛÌÒÓ°Ïñ if a device is acting strange or infected with malware.

Technical Support for services that will not be provided, but not limited to the following:

• Troubleshooting device performance or hardware problems.
• Installation of new or replacement hardware.
• Troubleshooting software applications or cloud services not supported by ÃÛÌÒÓ°Ïñ business functions.
• Installing operating system updates, patches or software applications not required for ÃÛÌÒÓ°Ïñ job functions.
• Backing up device data or migration to another device.
• Third party email clients or accounts.

Risks and Disclaimers

ÃÛÌÒÓ°Ïñ employees who elect to participate in BYOD accept the following risks, liabilities, and disclaimers:

• Lost or stolen devices containing ÃÛÌÒÓ°Ïñ data may be wiped. While ÃÛÌÒÓ°Ïñ will take precautions to prevent the employee’s personal data from being lost in the event it must remote wipe a device, it is the employee’s responsibility to take additional precautions, such as backing up email, contacts, photos, music, etc.
• At no time does ÃÛÌÒÓ°Ïñ accept liability for the maintenance, backup, or loss of data on a personal device.
• ÃÛÌÒÓ°Ïñ ITS provides limited security for wireless access and at no time does the university accept any liability for the security of BYOD devices when accessing the wireless network.
• ÃÛÌÒÓ°Ïñ may elect to discontinue providing computing resources to the BYOD devices at any time.
• ÃÛÌÒÓ°Ïñ reserves the right to block individual devices from accessing the ÃÛÌÒÓ°Ïñ wired or wireless networks if it is deemed a security risk.
• Any BYOD devices that perform ÃÛÌÒÓ°Ïñ business functions are subject to search and review because of Freedom of Information Act requests or litigation that involves the university. Litigation includes warrants, subpoena, and other legal requirements.
• No employee or student worker should expect a guarantee of privacy in communications over the internet or the ÃÛÌÒÓ°Ïñ network.
• Violations of this policy may be discovered by routine maintenance and monitoring of ÃÛÌÒÓ°Ïñ’s electronic communication systems and network, any method stated in this BYOD Policy, or pursuant to any legal means. All employees and student workers consent to ÃÛÌÒÓ°Ïñ ITS monitoring, accessing, investigating, preserving, using and/or disclosing any electronic communications that utilize ÃÛÌÒÓ°Ïñ’s networks in any way, including data, voicemail, telephone logs, Internet use, network traffic, etc., to the extent permitted by law. ÃÛÌÒÓ°Ïñ reserves the right to review, retain or release personal and ÃÛÌÒÓ°Ïñ-related data on personal computing devices to any government agencies or third parties during an investigation or litigation.
• Lost or stolen devices used to view or process internal or confidential ÃÛÌÒÓ°Ïñ data must be reported to ÃÛÌÒÓ°Ïñ ITS within 24 hours by contacting the IT Security Officer at (217) 581-1939, Executive Director for ITS at (217) 581-1942 or ÃÛÌÒÓ°Ïñ ITS Help Desk at (217) 581-HELP. Employees are responsible for notifying their mobile carrier immediately upon loss of a device.

ÃÛÌÒÓ°Ïñ Information Technology Security Incident Reporting Policy: /panthertech/policies_incident.php

Reimbursement

Computer technology purchased for personal use will not be reimbursed by the University. This includes all hardware, software, licenses, internet connectivity, and technology services, including repair or technical support services purchased with personal funds, regardless of intended use.

Compliance

Violations of this policy will be subject to disciplinary action based on the nature of the offense, including - but not limited to - loss of network and computing access and other actions university administration deems appropriate to avoid security-related incidents and unnecessary exposure risks.

Last Date Reviewed: 06/12/2025