Just last week, my iPad was stolen from my car. At the time, I had it powered on with my business email account open. Within an hour, I was able to get my service provider to remotely wipe it clean of all data.
While I lost the information and photos I had on the tablet when I wiped it clean, doing so was my choice to make. But in some workplaces, the decision wouldn’t have been mine. An employer could have made it for me.
Mobile is here, and it’s hot. But as more employers embrace the Bring Your Own Device (BYOD) movement, questions abound over whether the workplace and the worker are ready for the heated issues that are cropping up. Concerns with using personal devices for business purposes range from expectations of personal privacy to how to control security breaches.
“BYOD is like the Wild West, rules are being created and changed on the fly,” says Ilan Sredni, an Information Technology expert and CEO of Palindrome Consulting in Miami.
A variety of dynamics are driving the Bring Your Own Device trend. Workers are more satisfied when we use our own preferred devices and using our tablets, smartphones and laptops saves an employer money in buying and maintaining equipment. A recent study by CIOInsight shows companies where employees bring their own devices to work save an average of $1,000 per year per employee in service costs alone.
With continuous new technology, many employees want the latest gadgets and ability to balance their work and home lives on their devices — iPhones and iPads or Android- and Windows-based mobile devices. “For me, the iPad is the best on-the-road solution,” said Jeanette Rodriguez, a Boca Raton financial consultant.
“I can Facetime my family or pull up a document from my hotel.”
At some Broward Health System’s hospitals, doctors roam the facilities with their own preferred laptops and tablets, updating patient orders and scouring records online. Dr. Jean-Jacques Rajter, a Fort Lauderdale pulmonologist and former chief medical information officer at Broward Health, says it’s an advantage to have a portable computer at your fingertips to show an image to a patient with a tap on the screen. He uses a laptop that converts into a tablet, enabling him to review his patients’ office and hospital charts at the same time. He accesses information through a Citrix program that stores information in the cloud, he explains. “No patient information is housed on the device.”
Of course, the hospital has taken security precautions and encrypts the doctor’s personal device so if it is lost or stolen, it remotely will be wiped clean — which protects patient privacy. Even more, if the hospital wants, it can track Rajter’s location through the device. And, Rajter must use the hospital system’s user interface designed for desktops, which he says lacks full functionality for looking at charts. “There’s still tremendous room for improvement in the user experience,” Rajter says. “These are the trade-offs for convenience.”
While the hospital has a formal BYOD program, other businesses are allowing it on a more casual, individual basis. And, with the surge in smartphone and tablet popularity, employees are bringing them to work and tapping into company networks, whether employers permit it or not.
Some organizations are tackling security concerns aggressively, requiring employees to install company-issued security or antivirus software on personal devices to protect corporate data from cyber thieves in public Wi-Fi locations.
Others take it further, blocking workers from downloading certain apps or using the camera on their devices during the business day. Sredni says he advises his clients to take measures that include limiting the use of document-sharing programs and requiring complex passwords on personal devices. “There are multiple parameters we can set, but this area is so raw. People are hesitant to tell somebody, ‘this is what I want you to fill out to use your phone here in the office.’ ”
In general, research shows security strategies are all over the map — and in some cases, not sufficient or nonexistent. The most important thing a business can do is have a policy around use of personal devices and make employees aware of the sanctions for breaking it, says Mark Stein of Higer, Lichter & Givner in Aventura, an intellectual property lawyer who specializes in computer and Internet issues.
“The policy has to be relatively easy to enforce and enforced uniformly,” Stein said. That can be a challenge. A Cisco Systems survey of global information technology professionals and young workers found 71 percent of Gen Y workers said they don’t obey IT policies.
Stein says most risk will come from activities employees do on their phones that have nothing to do with their jobs — making discriminatory comments on email, running illegal side businesses online or posting on social media sites. A policy could ban using the corporate network from a personal device or give the employer the right to search a personal device. It may also need to address who the information on the device belongs to if the worker leaves or gets fired. “There is not a one-size-fits-all model for policy around BYOD, but if a business isn’t dealing with it yet, it will have to at some point,” Stein says.
Clients are stepping into the conversation, too. The country’s biggest banks and financial institutions are conveying an anti-Bring Your Own Device message to their law firms, accountants and service providers.
Recently, the global chief operating officer of Goldman Sachs’ legal department publicly announced said he is concerned over a potential breach in confidential financial information and doesn’t mind if his lawyers have personal smartphones in their pockets — he just doesn’t want them to use the same devices for business.
Home Financing Center of Coral Gables, a large South Florida mortgage lender, has a similar concern over keeping customers’ personal information confidential.
It has blocked employees from accessing company information from a personal laptop or mobile device and it restricts employee use of personal cellphones at the office to emergencies only, says John R. Allen, vice president of operations.
But even as companies try to limit BYOD, technology is advancing to make it more practical for workers who argue it increases their productivity. Kevin V. Michael, managing partner of Invizio in Coral Gables, which manages technology for small businesses, says technology already exists that allows users to sign in with a business or personal profile and access different information and applications or add a work phone number to a personal cellphone. “Those technologies to support multiple identities are still evolving and we expect that to get even better.”
Still, the biggest issues around BYOD may be the ones the employees themselves raise. Does the information on personal tablets or phones go with them to new employers? Does the boss even need to know you’re using your personal devices for work purposes and if he learns, can he access information on it? And, of course, the ultimate concern is whether employees are owed overtime for their off-the-clock use of mobile devices.
“With a personal device, there’s a traditional expectation of privacy,” said Niza Motola, special counsel with Littler Mendelson in Miami. “Employers may ask workers to sign something that gives them no expectation of privacy.”
Motola says the BYOD trend has made it evident that with the rapid advance of technology, the laws and workplaces haven’t caught up. “The lines are blurred on what’s personal and what’s professional at work and that’s only going to get more obvious.”