CHICAGO (MarketWatch) — In what’s referred to as BYOD, or “bring you
own device,” companies are allowing employees access to corporate
emails, calendars and other company files on their personal phones and
tablets.
But what employees might not know is that they give up a lot of
privacy with that privilege: The company can see everything on your
personal device. What’s more, the company can wipe it all out if you
leave or if the device is lost or stolen. It can also remotely turn on
the camera to find it.
“You get access to corporate resources such
as mail, and an IT manager gets access to your device,” said Dale
Jonathan, director of marketing at FiberLink, which creates management
solutions for mobile devices in the workplace.
Think of BYOD as the junction between your personal and work lives.
As smartphones have evolved from a business device to a consumer one,
users find themselves returning work-related emails at midnight or
responding to Twitter service complaints from home.
“BYOD is actually blurring the line separating business devices
from consumer devices,” said Nitin Bhas, a senior analyst at Juniper
Research. “This consumerization of business devices reflects the change
in consumer attitudes toward bringing in their own devices to the work
place.”
And that’s expected to explode as more smartphones permeate the
marketplace and younger users move into the workplace. Juniper predicts
that the number of employee-owned smartphones and tablets in the
workplace will swell to 350 million in 2014 from nearly 150 million this
year.
At this point, however, allowing you to use your iPad to send
reports, set meetings and create documents is still something of a
conundrum for many companies. Allowing employees to access corporate
email and their calendars through a personal iPhone, Android or
Blackberry drives productivity and customer service. But doing so also
opens the company to corporate espionage, security breaches and a
handful of legal challenges.
“BYOD is an inevitable trend today, but from the security point of
view, it is considered an insecure policy (that) could damage a
company’s reputation and business,” Bhas said.
Use of personal mobile devices soars
Nearly 70% of North American companies support some form of
mobile-device management, according to a recent Forrester Research
study. However, only 8% support all personal devices.
But Forrester calls the tide of personal mobile devices in the
workplace an “oncoming train,” underscoring the challenges companies
face.
“The general trend is that more and more companies are embracing it
as a standard practice across the company or as a limited experiment,”
said Chenxi Wang, principal analyst at Forrester.
On company-owned devices, most understand that when you use the
device you give up every shred of privacy attached to it, even emails or
text messages that have been deleted.
What many will be surprised to learn is they give up all that and
more on personal devices too that are connected to company systems.
In other words, your bosses can see what you did last weekend by
looking at your photos or your text messages. They can also find out if
you ditched work for a ball game by following your GPS record. Anything
you do or install on that device is like an open diary to IT.
When you connect to your company’s email system, you are allowing
your company to download mobile-device management software. That’s
critical for companies because it allows you to get inside the firewall
but lets them keep control of who else or what else — think malware and
viruses — get in.
The software carries a profile that includes security protocols
that may, for example, dictate the number of characters required for
passwords and when a device will be locked out or wipe itself out after a
certain number of failed attempts at inputting a password.
A blanket corporate policy is likely to tell you that when you
consent to use your company’s systems you should not expect privacy or
confidentiality in anything you create, download, display, store, send
or receive.
At the same time, the policies allow the company to access,
monitor, copy and/or disclose any and all information that is stored on
any device tied to the company network.
“If your employer wants to locate where you are, they can do that,”
said Phillip Redman, research vice president for Gartner, Inc., an
information technology research and advisory company.
“It’s the same as if your child is not answering text messages you
can see where the phone has been and find out where your child is,” he
said. “It’s a good reason to have those capabilities but like anything
they can also be abused.”
Employer security vs. employee privacy
No one is suggesting that corporations routinely or even scarcely
exploit their snooping capabilities but workers are alarmed that they’re
giving up so much privacy to get workplace email and calendars. In a
recent Harris study, commissioned by FiberLink, 82% of respondents
considered their company’s ability to track them during on and off hours
an invasion of their privacy.
Some 57% didn’t even know their company had the ability to remotely wipe out personal files like music, pictures and contacts.
It’s not surprising then that 76% of those polled said they would
forgo corporate email if it meant their employers can see what apps are
already fit on the device. And 75% said they would if their employer has
the ability to locate them through GPS, wi-fi signal or cellular
triangulation during work and nonwork hours.
There are plenty of good reasons that companies take such a strong
stance: They have to protect their intellectual property and corporate
secrets.
Most corporate policies will include language like this: to protect
the company from “error, fraud, misuse, alteration, theft, copyright
violation and sabotage.”
What’s missing, however, is complete transparency to users,
FiberLink’s Dale said. “In general we don’t see that a lot of companies
are explicitly telling the users what they have access to.”
One solution would be for companies to implement privacy settings
and policies that assure employees that what they do on a Friday night
isn’t the subject around the water cooler on Monday morning.
Of course, most companies won’t be following your weekend antics or
even tracking your sick-day activities because they simply don’t care.
“The IT department doesn’t necessarily want to snoop,” Redman said.
“They want to respect the privacy of their employees and don’t want to
use that information for their benefit.”
How to protect yourself
If you are using your phone for both personal and work issue, here’s a rundown of what you should know:
By consenting to the mobile-device management software, your
company can see all your apps, photos, text messages, tweets, contacts,
GPS records and Internet activity. It knows what music and games you’ve
downloaded and what meetings or parties you plan to attend.
It can remotely turn on your camera or wipe out the phone — every single thing on it — if it’s lost or stolen.
In some workplaces, such as extremely sensitive research labs, the
software may automatically shut down cameras and recording mechanisms
when you walk near the room.
While the company can track where you went, both physically and on
the Internet, it cannot track how much time you spent on Facebook or
Words With Friends.
Some software can segregate personal uses from business uses and
erase only corporate information, leaving your photos, apps and contacts
in place. But it’s very limited at this point, so be sure you know if
it applies to your device.
Be sure to back up every little thing you want to keep should
something happen to the device, a rule of thumb you should follow even
if you don’t connect to your company’s system.
A future generation of smartphones and tablets could very well
include screens to split your personal from you work uses, so watch for
them.
Understand the consequences of installing the software and
remember that you do have a choice. If you’ve already connected and
don’t know your company’s policy, ask human resources for the
information.
“You have to educate yourself on the risk of having the company
manage you device, even if they only manage it very slightly,”
Forrester’s Wang said. “Understand what the worst-case scenario is to
see if that’s something that is acceptable to you.”
Jennifer Waters is a MarketWatch reporter, based in Chicago.
Source : Yahoo Finance
