The Downside of BYOD: Understanding the Risks for Employees

by Jeff Wiener on September 10, 2014

When the BYOD—Bring Your Own Device—movement caught on it seemed like a win-win situation for everyone involved; employers could cut costs on providing technology to their employees, and employees were able to reduce the number of devices they were expected to use as well as actually use a device they enjoyed. But, as seemingly with all trends that blend private and public life, there’s a catch, one that could ultimately cost users all their personal data.

Over the past few years, as the BYOD movement gained momentum, IT departments began to wrestle with the complex security issues inherent in employees bringing their own unsecured devices to work, attempting to find ways of controlling the flow of data to avoid potentially catastrophic network breaches.

While such security efforts have not always been successful, one such protocol that has gained significant traction is the capability of remotely wiping a device of its contents, allowing companies a backup plan if a device is stolen or compromised. The problem, however, is that many of our favourite gadgets don’t segregate business and personal data, and without such demarcation when a phone or tablet is wiped, everything (including those cute pictures of your kids) goes with it.

According to mobile device management firm Fiberlink, there are four primary reasons for wiping data from a device. First, shift changes stand as the number one reason—devices that are used by multiple workers on different shifts are usually wiped at the end of each shift.

Second, Fiberlink explains, is reprovisioning, wiping that is done when an employee leaves a company. Third, there is violation of compliance policy, that is, doing something contrary to that pesky opt-in document that companies now normally get employees to sign before allowing them to bring their own device to work. Fourth, and perhaps the most obvious, is the loss of the device, due to theft or simple carelessness.

Now granted companies who employ device management solutions often have the option of selective wipes, meaning there are times when only certain data is remotely removed from the device. But still, as Fiberlink notes, of the 81,000 devices it remotely wiped during the first half of 2014, 37 percent, or 30,000 were total wipes with all data lost. Fiberlink does note that the wipes were a mix of BYOD and corporate-issued devices, and notes that it doesn’t have the stats to identify how many total wipes were on personal gadgets, but suffice to say, it happens, and those of us who bring our favourite devices to work need to be aware.

The primary problem for employees who use their own device at work is that, for the most part, they give up ultimate control of the device to the company as part of the terms of use. “Employers are typically making employees opt in to these programs. If you want to use your personal device, you need to do it on the organization’s terms,” Jonathan Sander, strategy and research officer at Stealthbits Technologies, explains.

Now for employees faced with this situation Sander does note that legal action may be an option, but the employee would have to prove that the data they stand to lose has more value than the risk their employer is facing, a “tough burden” indeed.

In the end, as with all things in life, nothing comes without a cost, and in the case of the BYOD movement the cost could be all your personal data, and with smartphones becoming inexorable companions to our everyday existence, that means that a significant portion of your memories, your contacts, and your favorite things could disappear in the blink of an eye.

While some analyst continue to encourage employees to avoid BYOD at all costs because of these risks, others note that simple regular back-up protocols will help mitigate any loss, as all employees really need to do is routinely save their personal data to their home computer. Further, it won’t be long until companies begin to establish automatic backup protocols, because it’s always tough to explain why a company had to delete all those once-in-a-lifetime memories employees have on their phones.

Did you like this post ? TheTelecomBlog.com publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Previous post:

Next post: