A new survey exploring the impact of mobile devices on information security in corporate environments found that 94 percent of companies have seen an increased number of personal mobile devices connecting to corporate networks. Greater productivity and mobility are the main hoped-for benefits for organisations, but the potential security threats are worrying many organisations.
Typically, organisations that are most concerned by the ‘bring your own device’ (BYOD) trend are those that cannot handle the huge additional workload for their IT departments. You might be capable of securing a spectrum of outside devices if you’re a multi-national company, but probably not if you’re Joe’s Garage in Hoboken – you just cannot cope.
Many employers have quickly reached the end of their tether and a few are now responding with software that wipes any unrecognised device plugged into their networks.
It’s simple – employees can find their personal email wiped by their employer either purposely, to safeguard their systems, or by mistake, if the software treats the alien device as a lost one and wipes its data just to make sure.
Similarly, information stored on an SD card may or may not be wiped via the remote device kill. There are no guarantees for employees or employers with regard to the protection of personal employee information or employer data.
This can happen as part of the corporate policy to handle lost phones and employee terminations. Employees who have infected devices and laptops that cause damage to their employer’s systems could also be subject to negative consequences, including disciplinary action.
Should an employee’s device contain sensitive or proprietary information and the employee move to a new company, any data transferred to the new employer could leave that company subject to serious legal consequences or even allegations of industrial espionage.
The “convenience” of a single shared device can present a legal and logistical minefield that gives the appearance of lowering IT costs while in fact introducing enormous long-term risks.
I guess that many Chief Information Officers who approve employee device usage see this as a nice way to make their bonuses by further reducing costs, while the potential liabilities are above their pay grades.
Perhaps corporate management believes that this is simply a way to get more out of their employees (a type of electronic leash) without having to pay the cost of the devices or service; all without considering the legal consequences.
I recommend that you consult your IT department about how to deal with BYOD. IT may hate BYOD but they have to deal with it in cooperation with senior management, and two-way communication is the key to solving this problem.