Ask Slashdot: Should Employers Ban Smartphones?

An anonymous reader writes "Due to a concern that smartphones (and other electronic devices) could be infected with malware and used to spy on sensitive information, my employer has recently banned all personal electronic devices from their spaces. The concern comes from articles like this one. My question to slashdot readers: How reasonable is this concern? How can this sort of malware be prevented from showing up on our devices? Is there a way to educate employees about preventing this sort of thing rather than banning the devices altogether? This current reality is that people have started to rely on having their smartphones with them at all times for things such as receiving emergency calls from day cares and schools, making personal calls during normal working hours (i.e. to make doctor's appointments), accessing password managers, and scheduling calendar events."

Ban of outside laptops

[tepples]

Would you ban laptops at work for the same reason?

A lot of businesses do in fact ban laptops that aren't company-owned.

How reasonable is this concern?

[spikenerd]

How reasonable is this concern?

Very reasonable, if your employer is a CA. Not at all reasonable if your employer sells hubcaps. Need more info.

How can this sort of malware be prevented?

Educate employees. (But your next question shows that you already know this.)

Is there a way to educate employees...?

Yes. Employees are not algorithms. That's why we employ them instead of just computers.

This current reality is that people have started to rely on having their smartphones...

Yes, if you want effective employees, you should allow them to use their brains, as well as extensions that make them more effective.

Do you have any questions that lack obvious answers--perhaps something worth discussing in a forum?

Re:No

[L4t3r4lu5]

Personal laptops where the user has keys to the kingdom? Yes, those are banned. Laptops I have locked down and set to our our policies, provided by the company? No, they are allowed. The same applies to smartphones. Any further questions?

Re:what about people in the feild who use them for

[L4t3r4lu5]

People in the field would have a device provided by the company, because the employee would be billing back all related expenditure (data and voice) to the company anyway. That device would be locked down by the IT dept; Both Android and iPhone support device policies and central management now, and BlackBerry was designed for this use.

Not just malware that is an issue

[oobayly]

We were have some pretty bizarre network problems in our office one day - some machines were able to connect to our db server whilst some couldn't, and other could intermittently. Long story short*, somebody's smartphone (Android in this case) was responding to ARP requests (requesting the MAC of the server) even though it was showing its IP address as being assigned by DHCP. I reckon its previous IP on the user's home network was the same as our server, and for some reason kept answering to them.

*Once I realised that packets didn't seem to be making it to the server (pings were intermittent), it dawned upon me to check the ARP tables on the clients. Looking up the manufacturer of the MAC address didn't immediately help as I didn't recognise the name, though I assumed it was a phone. At that stage I wasted time looking through all the phones looking for an IP address conflict (bad assumption). Finally looked up the DHCP leases for the offending MAC, found it's current IP (no hostname was provided by the client), found the offending phone, and very nearly shoved it the arse of the owner.

Re:No persuasion required

[Monsieur Canard]

My company does a lot of DoD work. The policy is: no personally owned electronics may connect to company assets. Ever. We can have personal smartphones (but no notebooks or tablets) as long as they do not have a functional camera. For Android phones the only option is to remove the camera or JBWeld over the lens. For my new iPhone the local AT&T store enabled restrictions on the camera with a password only they know and gave me a letter as such. That's good enough for our security folks. It's not a perfect situation as disabling the camera kills things like having Siri dial phone numbers for me (as apparently that somehow involves Facetime) but it's better than any sort of destruction. Plus I was able to get the camera un-disabled (yeah, I know) when I went on vacation for a week and then have it re-disabled.

Re:Suck it up.

[Anonymous Coward]

surprisingly, brains have not been around forever and your great^1023 ancestors
got along just fine with no brains at all. they just used basic metabolic pathways.

c'mon. life moves on. eventually you'll have to change too, our become a
dinosaur.

Get out much?

[Anonymous Coward]

EVERY worker does not have "a desk", in fact less than 10% of the workers at my present workplace do NOT have "a desk", they have toolboxes on wheels.

Your experience does NOT define ALL reality.

GET OVER YOURSELF!

Re:Ban of outside laptops

[Anonymous Coward]

All the other reasons listed are ones of convienence, not necessity.

Almost certainly. That said, all employees expect a certain amount of convenience, which varies greatly by situation.

I'm an IT guy. If a company I worked for started with the, "no smartphones at work" thing just because they wanted to make sure they were getting every last second of productivity out of you, whilst working you overtime for no additional pay (as this rule will almost certainly be, every time), I'd add it to a list of reasons to go elsewhere.

As with most things, it's not necessarily one thing that makes you leave... it's a lot of things adding to employee dissatisfaction.

Re:No persuasion required

[cellocgw]

Your company may be in the minority (on the conservative end of the spectrum). I've worked for several different DoD contractors over the years, and once they got past the "OMG phones cameras run RUN" stage, they all figured out how to allow personal cellphones, even with cameras, into the main plant area. There are rules, carefully enforced, about maintaining airgaps (and no WiFi) between personal and corporate networks, etc. There's no reason, other than panic or deep-seated distrust of your entire staff, to ban personal devices in the workplace.

Re:No persuasion required

[cayenne8]

Don't live in a city, do you? Work in the farther 'burbs?

I live in New Orleans...I guess that qualifies as a city. I've pretty much always lived in a city....but the only people that ride the buses regularly are the bums and lowlifes that can't afford a car.

I mean...why would I want to spend 2+ hours on a bus with some smelly hobos, changing busses a number of times to get to work, carrying my lunch, my backpack, and possibly my gym clothes (close to work), and my work laptop, when I can jump in my car and get there directly in about 10 min or less (I tend to drive VERY fast).

Sure, some cities have mass transit that everyone can use and works, but most cities I've lived in, either you have to ride with the less than desirables....or it is so inconvenient to have to switch buses numerous times, etc, that it just isn't worth the effort for the perceived reward (saving some gas money?).

During rainy season (which is a LONG time here in NOLA, along with the high heat and humidity), I'd not want to be changing busses and running around all the way to work....I'd definitely not very professional coming into work rained on and sweat soaked from my many bus trips to get here.

Re:No persuasion required

[lgw]

That's an answer straight from the 80s, back when admins thought they should control everything on the network.

In the modern world you want a remote destop (via a product from VMware, Citrix, etc). The users can bring any damn device they please, virus-infested nasty things that they are, but the only access they have to corporate services is a remote desktop connection to a VM in the datacenter.

BYOD is the corporate future. The safe, modern solution is to send "pixels, not files" to those devices, so there's no data at risk.

Re:No persuasion required

[lgw]

In places where desktops are locked down for software install, with choice of images as the only way to get software, trying to support devs usually isn't even on the radar. There's always some tool or utility specific to one dev's preferences that really will make him more productive.

In places where desktops aren' locked down, any decent dev will have root anyhow, soon as he gets around to it. Although, giving Linux devs Windows dev machines would be a particularly evil way to delay the inevitable.

My favorite story is of a group os devs where IT insisted that SMS (the old MS management client, not the mesaging tool) be running on every desktop so that they could inventory and push software to the devs at will. Of course, that started an arms race with the devs getting ever more clever with deleting the SMS client, until managment handed out dire threats to anyone caught deleting it. At which point, thanks to backchannels, an internal test version of SMS (that would respond successfully to any server requests with scripted answers) somehow made it out of MS and into the devs hands. IT never twigged to the substitution.

I've been known to virtualize the image IT insisted I use, so that everything looked just fne to them via their tools, while I could get on with my job using the rest of the machine.