Welcome to the Brave New World of BYOD. While some prefer to use the conventional acronym’s definition of Bring Your Own Device, IT managers all over the world are starting to refer to it as Bring Your Own Disaster. At first glance BYOD is a wonderful solution for both companies and their employees: workers can use whatever device they are familiar with and prefer, regardless of format or operating system, and the companies get to save the outlay for purchasing these devices, which in the case of a well-equipped iPad can reach well over a thousand dollars. The disaster aspect comes in when the security aspects and the legal ramifications are considered, in which case we enter the territory of sheer nightmares.
Total confusion about BYOD policies
According to a recent study by GLOBO, the current state of BYOD is little more than foggy confusion:
- 68% use their own mobile devices for work.
- 29% say that their company has a BYOD policy in effect.
- 14% don’t know if their company currently has a BYOD policy.
- 91% don’t know if their company plans to implement a BYOD policy.
- 42% don’t know if their company has full access to their mobile devices through their BYOD policy.
- 93% would not participate in a BYOD program if the company wants access to their info such as contact addresses and email text.
- 69% would not consider breaking a BYOD company policy even if they were sure they wouldn’t get caught.
Security colander & legal minefield
The primary drawback to a BYOD policy is the security aspect, or lack thereof. It is this security lapse which not only creates problems for the IT department but also massive headaches for the legal department.
- Invasion of privacy. The simple act of an IT employee accessing an app used for work on a BYOD device might also expose them to legally protected information such as theological practices, medical history, or sexual orientation, opening the door to complex and expensive lawsuits.
- Remote deletion. An IT manager has the capability to initiate a remote wipe once the worker leaves the company, which deletes all data on the device in question. This will remove not only data which was accumulated for work purposes but also the individual’s emails, records, apps, images, videos… in short, everything.
- Legal device seizure. If there is legal action between the company and the employee, their device can be legally seized and each byte examined by corporate attorneys. As in the case of remote deletion, this is something most BYOD workers are not aware of and would be incensed if it ever happened to them.
- 24/7 surveillance. Some companies exercise the capabilities built into remote devices to keep track of where their employees are and what they’re doing when not at work. Class action lawsuits by employees against companies which take these actions have already been launched.
- Illegal personal content. There are a lot of nasty people on the internet and they’re doing a lot of nasty things. If a personal device were to be analyzed by law enforcement agencies and illegal content were to be found on it, intermixed with the legitimate company data or possibly even accessed through an app which was paid for by the company for business use, the legal entanglements for the company could be horrific.
- Phone number departure. Many employees provide their smartphone numbers to their company clients on a regular basis so that they can be reached wherever they are. This procedure leads to serious problems when the employee leaves the company, possibly to work at a competitor, and the clients continue to call them on their mobile numbers to transact company business… which is now being directed to the enemy camp.
- Compliance impossibility. There are a number of compliance regulations which are mandatory for many businesses, such as GLBA and HIPAA, which technically can only be enforced on devices which are owned by the company.
Businesses are caught in a no-win scenario since it seems that there is a lack of clear understanding of the security and legal issues on either side. Beware Your Own Device!