Equally important is the clear message that if the banner policy is not followed, the employee can receive corrective action, including termination.
But corrective action for what? The policy should state that failure to assist in network and IP protection, and use of tools to circumvent installed protections (removal of virus protection, unapproved encryption, etc.), can lead to trouble. This will be a card you may need to play if things get contentious during your investigation.
"Failure to adhere to this policy or cooperate with network and data protection can result in disciplinary action up to and including termination."
After seeing the data transfer to a home computer and possibly communication on their personal cell phone, you can give the employee the ultimatum: Bring in the home computer and phone for forensic review, or be terminated. Although the employee would be smart not to turn over the personal computer and phone, they usually do, for fear of losing the job. If they refuse, you could add that to the list of violations during your investigation for termination cause - based on the provable fact that the employee has repeatedly been notified of, and has acknowledged, the relevant policy.
An often-overlooked part of the policy should also include the sharing of the user's data, specifically with a third party and/or law enforcement.
"Acme reserves the right to disclose data to law enforcement agencies or other third parties without the employees consent."
This provides one more added layer of protection when sharing private data. During your monitoring activities a wide array of personal data can be viewed and recorded. Expressing early on that the data is not only subject to view, but can be shared with lawyers, police, and others, can also protect your company for litigation.
There is no point in having a banner policy if no one reads it.
When challenged in court, your evidence can quickly be thrown out if it's discovered your policy is hidden in an HR policy book for no one to actually read.
To make sure it's understood you can post it as an auto pop-up--pasting it into
for the user to be reminded each time they power up. Additionally, have the policy acknowledgement process as part of new hire intake process, and include it in your Ethics, Sexual Harassment and other annual policy/training procedures.
The key is to put your best effort in educating your employees that the policy exists AND is enforced, so there is a documented record of their acknowledgement and understanding of the policy.
BYOD doesn't have to bring down your investigation or leave your network and IP unprotected. Even as you build your digital infrastructure to handle the future of BYOD at your company, a strong foundation built with a good banner policy will reinforce your walls and could be the last thread that saves your company.
Sign up for CIO Asia eNewsletters.