Forgot your password?
typodupeerror
Businesses

Ask Slashdot: Should Employers Ban Smartphones? 510

Posted by samzenpus
from the no-phone-for-you dept.
An anonymous reader writes "Due to a concern that smartphones (and other electronic devices) could be infected with malware and used to spy on sensitive information, my employer has recently banned all personal electronic devices from their spaces. The concern comes from articles like this one. My question to slashdot readers: How reasonable is this concern? How can this sort of malware be prevented from showing up on our devices? Is there a way to educate employees about preventing this sort of thing rather than banning the devices altogether? This current reality is that people have started to rely on having their smartphones with them at all times for things such as receiving emergency calls from day cares and schools, making personal calls during normal working hours (i.e. to make doctor's appointments), accessing password managers, and scheduling calendar events."
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Should Employers Ban Smartphones?

Comments Filter:
  • by Anonymous Coward on Monday January 07, 2013 @11:17AM (#42504973)

    You have asked an audience that knows just how ingrained smartphones are to our everyday lives. The last half of your question is a "given."

    The burden of proof is on the employer to show that no other mitigating measure can address the risks. Summarily banning child protecting, emergency-aleviating technology, not to mention the tools with which we coordinate the rest of our lives, is truly bad form and will bite the employer more often than they know.

    If you are working with sensitive documents, these people will remove the camera from your iPhone for $20:
    http://www.iresq.com/iphone-camera-removal.html [iresq.com]
    Want to do the whole office? A 79 cent roll of electrical tape will do the trick.

    The problems are solvable and worth solving. That management favors solutions that are simply a matter of writing policy, is in their nature, so don't sit in the dark and bitch, fix the bulb.

    • by Anonymous Coward on Monday January 07, 2013 @11:34AM (#42505209)

      The burden of proof is on the employer to show that no other mitigating measure can address the risks.

      My current employer has banned all personal cellphones and personal laptops for some time. It is really not that hard to get around, and the burden is not on them to prove anything. You are paid to work and presumably want your job. If not having your pacifier with you at all times makes you that uncomfortable, find a different job. Or you can give out your work number for emergencies or set your cell phone to automatically forward calls during business hours to your desk phone. If you need to make a personal call that you do not want to/cant make from your desk line, go out to your car during lunch and make it.

      That management favors solutions that are simply a matter of writing policy, is in their nature, so don't sit in the dark and bitch, fix the bulb.

      So if a concern is the microphone on the phone you have no problem filling that with epoxy?

      • by tepples (727027) <tepples@nOSpAM.gmail.com> on Monday January 07, 2013 @11:35AM (#42505227) Homepage Journal

        If you need to make a personal call that you do not want to/cant make from your desk line, go out to your car during lunch and make it.

        What do you recommend for people who use public transit instead of driving to work?

        • by luis_a_espinal (1810296) on Monday January 07, 2013 @12:15PM (#42505719) Homepage

          If you need to make a personal call that you do not want to/cant make from your desk line, go out to your car during lunch and make it.

          What do you recommend for people who use public transit instead of driving to work?

          Go outside and make the call? I mean, how many people are out there working in submarines, underground silos or a bunker in the middle of the Mojave Desert for whom the simplest, most general case solution is not applicable?

        • by rwv (1636355)

          If you need to make a personal call that you do not want to/cant make from your desk line, go out to your car during lunch and make it.

          What do you recommend for people who use public transit instead of driving to work?

          If your employer is paranoid about security, I'd expect them to have a security desk in the front of the building. If there is a security desk, I'd think that instituting a policy where the guards will trade numbered cards for phones when you enter/exit the building would be reasonable (hint: the cards correspond to numbers cubby holes where your phone is stored safely throughout the day).

      • You are paid to work and presumably want your job. If not having your pacifier with you at all times makes you that uncomfortable, find a different job.

        Exactly. And if the company can't find anybody competent to fill your role, it's their problem.

        The only thing wrong with this argument is that companies always go screamming to the government, asking for help.

        • "The only thing wrong with this argument is that employees always go screaming to the government, asking for help."

          FTFY.

        • by schnell (163007) <me@schnell.REDHATnet minus distro> on Monday January 07, 2013 @12:32PM (#42505957) Homepage

          This whole question is based on a false premise that personal and corporate smartphones can't be managed. The answer is very simple:

          Are these work-mandated/provided smartphones that have access to the company e-mail/intranet system? If so, then the company needs to invest in Mobile Device Management (MDM) software like Good, MobileIron or even a BlackBerry BES and lock down which apps end users can install, what can be downloaded or forwarded, etc.

          Are these personal smartphones? Don't provide any access to the company e-mail/intranet or any other system on non-company devices so whatever malware you decided to install has no impact on the company.

          Whether personal smartphones are allowed in a business should not even be a question unless you work in an environment where employees taking pictures of documents, people or facilities is a security risk (the government has a lot of these environments), and generally in those cases you are not allowed electronic devices in those restricted facilities, period - work or personal.

          BTW the linked Washington Times article (quality news source, there) describes a proof of concept app but does not describe the platform(s), attack/delivery vectors or anything else about how you would actually hijack a phone in this way. I'm pretty sure it wouldn't get approved in Google Play, the iOS App Store, or any other reputable app source. So if your employers are afraid of that, then they need to up their med dosages.

          • by lgw (121541) on Monday January 07, 2013 @03:01PM (#42507885) Journal

            That's an answer straight from the 80s, back when admins thought they should control everything on the network.

            In the modern world you want a remote destop (via a product from VMware, Citrix, etc). The users can bring any damn device they please, virus-infested nasty things that they are, but the only access they have to corporate services is a remote desktop connection to a VM in the datacenter.

            BYOD is the corporate future. The safe, modern solution is to send "pixels, not files" to those devices, so there's no data at risk.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        That sounds like an awful company to work for. Fact is, employers demand longer and longer hours for less pay. People still need to do other shit in their lives despite those demands. So a complete ban on personal computers, personal internet use is just controlling and mean. Enlightened employers get higher productivity from their staff by just not being dicks. Not so hard to work out, is it?

    • by Monsieur Canard (766354) on Monday January 07, 2013 @11:48AM (#42505383)

      My company does a lot of DoD work. The policy is: no personally owned electronics may connect to company assets. Ever. We can have personal smartphones (but no notebooks or tablets) as long as they do not have a functional camera. For Android phones the only option is to remove the camera or JBWeld over the lens. For my new iPhone the local AT&T store enabled restrictions on the camera with a password only they know and gave me a letter as such. That's good enough for our security folks. It's not a perfect situation as disabling the camera kills things like having Siri dial phone numbers for me (as apparently that somehow involves Facetime) but it's better than any sort of destruction. Plus I was able to get the camera un-disabled (yeah, I know) when I went on vacation for a week and then have it re-disabled.

    • by PmanAce (1679902) on Monday January 07, 2013 @11:52AM (#42505447) Homepage

      Summarily banning child protecting, emergency-aleviating technology

      What happened to giving them your work place number like you know, your parents did? Children were just as safe before smart phones...

      not to mention the tools with which we coordinate the rest of our lives

      I don't agree with this at all. 10+ years ago we didn't use smart phones and we coordinated the rest of our lives just fine.

      The problems are solvable and worth solving. That management favors solutions that are simply a matter of writing policy, is in their nature, so don't sit in the dark and bitch, fix the bulb.

      I think management just wants you to do your job and not have you sit there browsing facebook on your phone, texting your friends or calling for appointments while you are getting paid.

      • by Cigarra (652458) on Monday January 07, 2013 @12:25PM (#42505843)
        "10+ years ago we didn't use smart phones and we coordinated the rest of our lives just fine."

        It's quite a different world ten years ago.
      • 10+ years ago we didn't use smart phones and we coordinated the rest of our lives just fine.

        What are you doing on /.? Back when I was in high school, there was no public Internet access, and we managed just fine!

        Times change. Expectations change. Communication mediums change. There are technologies available to allow BYOD in a safe manner; we are starting to look into such tech where I work, since we understand that, like it or not, employees WILL be bringing smartphones and tablets into the workplace. You can either recognize that people are going to bring their own devices to work and s

      • by mycroft16 (848585) on Monday January 07, 2013 @12:59PM (#42506301)
        "10+ years ago we didn't use smart phones and we coordinated the rest of our lives just fine." This argument is ridiculous. It assumes that nothing in the world has changed, which is obviously flawed. It's like saying that people didn't use cars in the 1830's and still got around just fine, so why should we be using them now? Progress and innovations are made to make things easier and more accessible. Rather than carry a 12 month calendar around everywhere you go, or a planner as a separate book, now you have your email, calendar, to dos, notes, voice recordings, phone, etc all in a single device that fits in your palm. No more need for a briefcase worth of crap. Just a single phone. Sure people got along find 10+ years ago, using the best that was available to them at the time. And so should we.
      • Ten years ago, when I took public transportation to work, then took a cab from work to dinner, I would be able to use a pay phone to make a call that night if necessary.

        Now, pay phones are gone, because I and everyone else have cell phones.

        Of course, you could go back and point out that in 1924 I wouldn't have access to pay phone for that call either, and I would need to catch a ride home on a trolley for a nickel to check in with the nanny. But that's just as silly as the argument you're making now.

        The wo

      • Children were just as safe before smart phones...

        No they weren't. Violence against children has declined significantly in recent years. It is debatable how much of this is attributable to smartphones, but children certainly were not safer in the "good old days."

    • by shawn(at)fsu (447153) on Monday January 07, 2013 @12:10PM (#42505683) Homepage

      Removing smart phones is the easiest and most secure way to handle these issues. The burden of proof is to prove that there exists ways that are just as secure. For example If you work in a DoD environment then you have to accept the possibility that you're not going to be able to bring your device in the building. It sucks sometimes sure but if the risk is information coming in or going out then this helps mitigate it a great deal.

      • by Belial6 (794905)
        If you are working for the DoD, fine. For the person working in a real estate office, no it isn't. There is no security, and banning cell phones is just being a petty tyrant. The same 99% of other jobs. Heck, I have known accounting firms that literally outsource work to India. Security is always shades of gray. Going nuclear on smartphones because they are new and scary while outsourcing data entry to inmates in a prison is not being "secure".
    • by Runaway1956 (1322357) on Monday January 07, 2013 @12:20PM (#42505785) Homepage Journal

      Burden of proof? WTF is that all about? We have problems with phones in our plant. They haven't been banned - yet. But we have problems with people's attention being distracted from their jobs. An issue that has never been addressed at our plant, is the possibility of "sensitive" and "secret" documents being recorded. Trade secrets are trade secrets, easily recorded and sold to whoever might be interested in them when everyone carries a phone with a camera.

      There is no "burden of proof" - if management becomes aware of risk, they can ban anything and everything that they deem to be a part of the risk.

      We also suffer from vandalism. So far, it has been confined to physical vandalism of equipment. Some day, some bright boy is going to figure out that he can plug in a WIFI, and use his smart phone to introduce anything he likes to the computerized equipment. The older equipment may not recognize a WIFI device, but the newer machines certainly do.

      Bad form, you say? This is the United States, in the year 2012. Management has dismissed half of the lessons ever learned about keeping personnel happy. They don't give a damn about happy employees. There are four or five applicants for every job that opens up. They don't NEED to keep more than some key personnel happy. Even junior management is subject to layoff at any time.

      Bad form and burden of proof, you say. Either you are a very lucky person, and have a really great job where management actually thinks about you and your needs - or you're stuck in the mid-1980's. Nowadays, management doesn't even measure their turnover rates among labor, skilled labor, and trades people. Moving up the chain of command, there is a little superficial "caring" shown to the engineers, and a little more "caring" for junior management.

      More, the states are backing up employers far more than they did in past decades. I think it was Michigan that just became a "right to work" state. The employer need prove nothing - the employer rules, and you obey. There is no civil right being infringed if the employer bans your electronic toys during work hours.

      • by sjames (1099) on Monday January 07, 2013 @02:13PM (#42507253) Homepage

        I know this may come as a surprise to you and the rest of corporate America, but nobody gives a crap about your secret documents. Really, nobody cares at all. Sure, it's fun to play "secret agent man', but nobody is actually clamoring for them.

        Most of your double deep dark secret methods and techniques are actually SOP at any company in your field. REALLY! The rest are obvious but only applicable to the particular situation at your company.

        If you actually had worthwhile secret documents, someone would have already sold them in exchange for a nice retirement to a tropical paradise somewhere. There was a time when employee loyalty might have prevented that, but it went out the window the day after loyalty to employees did. If your employer REALLY had secrets that were worth anything, it would pay above average, offer generous vacation time and other perks and generally treat it's employees as if they held the future of the company in their hands. But that costs money, so it's out of the question.

      • So because management can treat employees like shit, they will. Sounds like a bunch of great people. What ever happened to just being a pleasant person? You know, the whole "do unto others" thing. Yes, I know, making that widget is all that counts in this world. It is after all how you put food on the table.

        What a miserable existence. I would rather be dead.

      • "Bad form and burden of proof, you say. Either you are a very lucky person, and have a really great job where management actually thinks about you and your needs - or you're stuck in the mid-1980's."

        Or he's employed in a first world country other than the US. If that's luck or not, I'll leave up to your judgement.

        I do know, as a dutch IT worker cooperating with foreign companies from a few different parts of the world, that I'd never want to work for an American company. Very little vacation, very inefficie

  • No (Score:5, Insightful)

    by Eightbitgnosis (1571875) on Monday January 07, 2013 @11:19AM (#42504999) Homepage
    Would you ban laptops at work for the same reason?
    • by tepples (727027) <tepples@nOSpAM.gmail.com> on Monday January 07, 2013 @11:26AM (#42505089) Homepage Journal

      Would you ban laptops at work for the same reason?

      A lot of businesses do in fact ban laptops that aren't company-owned.

      • by TubeSteak (669689) on Monday January 07, 2013 @11:39AM (#42505265) Journal

        A lot of businesses do in fact ban laptops that aren't company-owned.

        Exactly. You have a work phone number in exactly the same way that you have a work computer.

        I don't really think "but daycare and school" makes for a compelling argument.
        They have your work number on file, let them use it.

        All the other reasons listed are ones of convienence, not necessity.

        • by Anonymous Coward on Monday January 07, 2013 @11:54AM (#42505469)

          All the other reasons listed are ones of convienence, not necessity.

          Almost certainly. That said, all employees expect a certain amount of convenience, which varies greatly by situation.

          I'm an IT guy. If a company I worked for started with the, "no smartphones at work" thing just because they wanted to make sure they were getting every last second of productivity out of you, whilst working you overtime for no additional pay (as this rule will almost certainly be, every time), I'd add it to a list of reasons to go elsewhere.

          As with most things, it's not necessarily one thing that makes you leave... it's a lot of things adding to employee dissatisfaction.

    • Re:No (Score:4, Informative)

      by L4t3r4lu5 (1216702) on Monday January 07, 2013 @11:31AM (#42505167)
      Personal laptops where the user has keys to the kingdom? Yes, those are banned. Laptops I have locked down and set to our our policies, provided by the company? No, they are allowed. The same applies to smartphones. Any further questions?
      • Re:No (Score:5, Interesting)

        by jimbolauski (882977) on Monday January 07, 2013 @11:51AM (#42505435) Journal
        We allow personal laptops and smart phones but we have two internal networks one that is for the unclean and one for verified systems. The unclean network only allows access to to the internet and a few of our internal systems, email, calendars, and contacts, only stuff that is exposed to the outside all ready. Plugging in an unverified computer into the clean network will usually cause our IT guy to come find the person. I got dinged for that after plugging in a Micro-Controler board that was not recognized by the network in about 5 minutes.
      • I'm glad I've never worked for a company like that.

        I've worked somewhere a tiny bit like that, but they were still allowed to give out everything except "sudo bash" access. The sysadmins knew that it was effectively equivalent. But they generally knew that anyone who could figure it out could root the machine anyway should they need to. So they stuck to the letter of the rules very closely.

        And for some reason laptops didn't have the same rules as desktops. Neither did embedded kit. So I had one workstation

  • Suck it up. (Score:2, Insightful)

    by gti_guy (875684)
    Surprisingly smartphones have not been around forever and little Johnny & Sally still managed to make it thru daycare okay. If there's an EMERGENCY, outsiders can call your employer's main number and ask for you. You get paid to work, not deal with personal matters.
    • Re: (Score:3, Insightful)

      by nospam007 (722110) *

      " You get paid to work, not deal with personal matters."

      Amen brother!
      This view illustrates that people at work are busy organizing their private lives, making doctor's appointments, calling family, brokers, schools, daycare, tweeting nonsense and updating their online presence and other crap instead of doing their fucking job and they apparently feel entitled to it.

      • Re:Suck it up. (Score:5, Interesting)

        by Anonymous Coward on Monday January 07, 2013 @11:33AM (#42505181)

        As long as my job pays me for every minute they intrude into my personal life or past the 8 hours a day I owe them, sounds fine with me.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        No, I'm on salary. I get paid to make my skills available to my employer and complete the work I need to do. If you want to pull that bullshit you make me hourly, and do not bother me outside the 9-5 unless you want me to bill you for it. Oh, and expect the additional annoyance from me like reimbursement for all the home electrical power being used to charge your company cellphone and run my company laptop. Ditto for ISP charges.

        Asshat.

      • " You get paid to work, not deal with personal matters."

        Amen brother! This view illustrates that people at work are busy organizing their private lives, making doctor's appointments, calling family, brokers, schools, daycare, tweeting nonsense and updating their online presence and other crap instead of doing their fucking job and they apparently feel entitled to it.

        Your forgot /.

      • Sure, no problem, if you live in the 50s and have a nonworking wife who doubles as a personal servant. Absent of that, I'm sure the company won't mind paying for a personal concierge to manage my doctor appointments, arrange for the plumber and/or electrician and go to my house and wait for him, her or it until arrival in that 4 hour window, pick up the kids from school, take care of them when they're sick, pick up the car when it's ready.

        A smart phone is a cheap solution. Texts are quicker and more concise

      • Re:Suck it up. (Score:5, Insightful)

        by MightyYar (622222) on Monday January 07, 2013 @12:36PM (#42505999)

        Am I too old or something? We always ran our personal lives from work, but it used to be a lot more invasive. You couldn't take care of many things online, so you had to leave work during working hours to take care of it. Any time you needed customer service, you had to use the telephone at work. You'd have errands to run, so you would either come in late, take an extended lunch, or leave early. Expecting a call? You had to hover near your desk so that you wouldn't miss it.

        I won't defend tweeting, updating Facebook, and the like - but I think that most employers recognize that letting people take care of some personal stuff while at work ultimately improves productivity.

    • My daycare insists on my work number or I can't drop the kids off. I think making personal calls or text msging is the big problem. If you need to make a doctor apointment you can easily do that from your desk. Where I work I can bring whatever phone I want but half the time there is no cell service anyway.
    • A lot of people I know are using their personal smartphones for work, including me. Check on a server, bring up an app. Check out the WiFi, bring up another app. I have tons of apps on my personal phone that have saved countless hours diagnosing issues

      Fact is, an awful lot of employers should be kissing our asses for using our own personal devices to be more productive at work.

    • Question: Did you post that response on Slashdot from work?

    • Re:Suck it up. (Score:4, Insightful)

      by K. S. Kyosuke (729550) on Monday January 07, 2013 @11:46AM (#42505353)

      Surprisingly smartphones have not been around forever and little Johnny & Sally still managed to make it thru daycare okay.

      You make it sound as if the advent of smartphones was the only thing that changed since the fifties. Guess what, people are now required to be "time flexible", and I guess the society changed in many other ways that make it desirable to be reachable.

      If there's an EMERGENCY, outsiders can call your employer's main number and ask for you. You get paid to work, not deal with personal matters.

      And that switch to the desk phone makes that call somehow...impersonal?

    • Re: (Score:2, Informative)

      by Anonymous Coward

      surprisingly, brains have not been around forever and your great^1023 ancestors
      got along just fine with no brains at all. they just used basic metabolic pathways.

      c'mon. life moves on. eventually you'll have to change too, our become a
      dinosaur.

    • by SmallFurryCreature (593017) on Monday January 07, 2013 @11:58AM (#42505535) Journal

      My god, this attitude is amazing, what primitive part of the world did you grow up in? Most normal employers realize that work and private live are not so easily seperated and simply allow the two to intertwine. If I ask someone to stay late because of deadlines, can I then deny them time to make calls during office hours to arrange private things? Hell, this must be an American thing. Do you also object to people using the company printer?

      Of course, normal people realize there is a line, you can print out a form, your CV is a bit touchy and you do NOT print out a thousand copies of your novel but come on!

      If your tried that master slave attitude in Europe, you would find yourself soon with no employees left.

      Unless there is a VERY real need for security, everyone carries a mobile phone with them in Europe. The idea you shouldn't answer a personal call during office hours is just so 19th century. Come on, join us in the future, we got cookies!

      Ten to one this gti_guy doesn't have a job, lives in a trailer on government assistance and whines about all those leeches living of the state.

      People good enough at their job to have one know they are valuable and companies are willing to keep them happy.

      • by Anonymous Coward on Monday January 07, 2013 @12:24PM (#42505825)

        No, it's certainly not an "American" thing. It's a bunch of indignant unmarried, childless aspies who've never actually faced the problem spouting off about their "issues" with policies like this. And I'm pretty sure there's no national boundaries for that.

        Most employers have a "reasonable personal use" policy. If you're spending hours on the phone gossipping with your neighbors, then yeah, you'll probably be talked to. Have to take a short break to call the doctor's office to schedule a checkup? Call your wife to ask her to pick up the kids because you're going to be stuck at the office a little later than expected? Call the plumber to come fix that frozen pipe? Arrange with UPS to pick up the package at their delivery center since you won't be home to receive it? Get a call from daycare to let you know that little Johnny just had an allergic reaction?

        These are all typical things you might need to do during the day, and these are all typical things that corporate "acceptable use policy" will deem "acceptable use," except for certain very specific cases - i.e., DoD contracting, very very secret "trade secret" work, etc. Most companies won't allow you to connect personal devices to the corporate network, but more and more of them are setting up secondary "internet only" networks for phones, tablets, personal laptops, and the like. This concern about "they could hijack your phone and take pictures of your facility and map the interior!" is silly for anybody who doesn't work in a top secret facility.

        Here's an easy rule of thumb test: if you can bring your kid into your office and let them sit around there with you... you don't need to restrict cell phone use.

    • You get paid to work, not deal with personal matters.

      I hear this argument a lot when the topic of personal calls / errands during work hours comes up. And it’s true of course. the real question is how your employer establishes that you have fulfilled the day’s obligations. Have you done what was asked of you? Or have you kept your seat warm for 8 hours? The two are not the same.

      There are some employers who are very clear on this: they expect you to work for 8 hours, no personal stuff al

  • by Joe_Dragon (2206452) on Monday January 07, 2013 @11:23AM (#42505049)

    what about people in the field who use them for work???

    also useing a smart phone is cheaper then cell phone + data card in a laptop.

    • by L4t3r4lu5 (1216702) on Monday January 07, 2013 @11:37AM (#42505243)
      People in the field would have a device provided by the company, because the employee would be billing back all related expenditure (data and voice) to the company anyway. That device would be locked down by the IT dept; Both Android and iPhone support device policies and central management now, and BlackBerry was designed for this use.
    • Then it's a company-issued phone with company-controlled software. That means no angry birds or other goofing-off apps.
      If you're allowing BYOD for company use you're asking for problems, but that too is manageable with the proper software containerization.
  • by Raven42rac (448205) on Monday January 07, 2013 @11:25AM (#42505083)
    Someone has to say it, may as well be me. What is this MSN?
    • Someone has to say it, may as well be me. What is this MSN?

      Nope. It's a serious news source: The Washington . . . Oh, wait. Nevermind.

    • by asylumx (881307)

      What is this MSN?

      No, but this is "Ask Slashdot" (ask.slashdot.com) -- I do expect the headline to contain a question and the answer to not always be "no."

  • by alphatel (1450715) * on Monday January 07, 2013 @11:26AM (#42505091)
    Anything that can breach security in a government setting is worth withholding indefinitely until a practical policy can be approved which reduces risk to near zero.
    For unrelated/unregulated industries, this approach is unreliable, impractical, unprofitable, and let's face it, just plain stupid.
  • by alen (225700) on Monday January 07, 2013 @11:29AM (#42505129)

    if you work in a sensitive area then expect high security
    if you work for a US GOVERNMENT agency around classified information then you're probably following these rules already
    if you work in a start up with cool tech you might expect something like this

    if you work in your average workplace no one is going to care

  • by spikenerd (642677) on Monday January 07, 2013 @11:30AM (#42505141)

    How reasonable is this concern?

    Very reasonable, if your employer is a CA. Not at all reasonable if your employer sells hubcaps. Need more info.

    How can this sort of malware be prevented?

    Educate employees. (But your next question shows that you already know this.)

    Is there a way to educate employees...?

    Yes. Employees are not algorithms. That's why we employ them instead of just computers.

    This current reality is that people have started to rely on having their smartphones...

    Yes, if you want effective employees, you should allow them to use their brains, as well as extensions that make them more effective.

    Do you have any questions that lack obvious answers--perhaps something worth discussing in a forum?

  • by morcego (260031) on Monday January 07, 2013 @11:31AM (#42505163)

    It is entirely possible to allow employees to have their smartphones and even notebooks, while keeping them isolated from the company's main network. I did this once for a client. It is not trivial but it is also not magic.

    However, after some time, the complain about people not being able to use those equipments to have full access started piling up, to a point it was decided it would be a lesser problem just to ban them.

    What people need to understand is that they are inside a company, not their homes. Yes, it can be interesting to the company to allow some accept and freedom, thus improving morale and productivity, but controls are needed, both for security and legal reasons. That is unaccepted to enough people to make it not worthy for the companies to implement.
     

  • Yes, these functions can be easily taken care of with a laptop. However with the constant shuffling from meeting to meeting many times the phone often becomes the go-to device when away from the desk. When away from the office, communications in the evening, over the weekends, etc. are becoming increasingly more prevalent.

    This brings up the entire philosophical debate on how much more (or less) productive everything makes people who now no longer have the luxury of checking out, having a singular focus,
  • Is it reasonable? .. absolutely.
    I routinely visit a location like this .. when you go through the metal detector/xray if they see a phone (or anything else with a microphone/camera) it gets confiscated and you get it back when you leave. I don't have any issue with this at all.

    You're forgetting that you're being paid to WORK .. not attend to personal matters. You have a phone on your desk, don't you? .. I'm fairly certain that in an emergency, someone can call the main number of your employer and say "th
  • It Depends... (Score:4, Interesting)

    by IonOtter (629215) on Monday January 07, 2013 @11:34AM (#42505197) Homepage

    If you're working on material or systems that are classified, or something akin to the iPhone 6, then yeah. Letting *any* communications device into the work area is a very bad idea. You are being targeted. Probably very specifically, too.

    If you're not working on anything of that nature, then probably not. Who cares if anyone sees the inside of your office? Or hears you talking sports scores? It's creepy as Hell, and you should probably be more worried about the fact that someone is mucking around inside your phone, listening to you.

    The exception to this, is when you walk by some moron's desk, and they have their smartphone plugged into the USB port of the computer, MOUNTED AS A HARD DRIVE.

    A computer which is inside the company firewall.

    Sometimes, you just have to assume the lowest common denominator, because convenience in listening to an MP3 collection will always trump common sense.

  • by PPH (736903) on Monday January 07, 2013 @11:35AM (#42505219)

    ... when I worked for Boeing, this was their company policy. No cameras, radios, or recording devices were allowed on company property. Although this was necessary in areas where classified DoD work was being done, they just applied this policy to all facilities. As cell phones and PDAs with cameras andd recording capabilities became commonplace, they pretty much gave up on enforcing the 'no devices allowed' rule (probably still in force in actual secure areas).

    I would consider them (Boeing) and others in their line of business to have about the most conservative position on such technology. Seeing as how they have pretty much given up on such rules, I don't see how any other employers expect to get away with them.

    Also, if employees are going to steal proprietary data (for which I'm sure there is a company policy prohibiting said activity), sneaking a camera, USB drive or whatever onto the property in violation of rules is not going to be a deterrent.

  • Good luck (Score:5, Insightful)

    by ironicsky (569792) on Monday January 07, 2013 @11:36AM (#42505231) Journal
    If, after 20+ years of personal computers we still can't stop people from accidentally downloading malware, good luck preventing it on smart phones and other portable devices. The problem is, and always will be, the ignorance of the user.
    • by PPH (736903)

      Bring your cell phone to work. Just don't connect it to the company network.

  • by oobayly (1056050) on Monday January 07, 2013 @11:44AM (#42505323)

    We were have some pretty bizarre network problems in our office one day - some machines were able to connect to our db server whilst some couldn't, and other could intermittently. Long story short*, somebody's smartphone (Android in this case) was responding to ARP requests (requesting the MAC of the server) even though it was showing its IP address as being assigned by DHCP. I reckon its previous IP on the user's home network was the same as our server, and for some reason kept answering to them.

    *Once I realised that packets didn't seem to be making it to the server (pings were intermittent), it dawned upon me to check the ARP tables on the clients. Looking up the manufacturer of the MAC address didn't immediately help as I didn't recognise the name, though I assumed it was a phone. At that stage I wasted time looking through all the phones looking for an IP address conflict (bad assumption). Finally looked up the DHCP leases for the offending MAC, found it's current IP (no hostname was provided by the client), found the offending phone, and very nearly shoved it the arse of the owner.

  • 1 you don't have a "cell phone" you have a Mobile Computing Device (that does phone calls)

    2 you don't have to be connected to your personal/business world 24/7/52

    for the lower end get a metal box of some sort line it with paper and then for a few hours a week put your MCP in the box and CLOSE it

    for the 1% folks get somebody to line an old cigar box with metal and then silk and a few hours a month put your MCP in the box and close it.

    and no but then BYOD policies are STUPID if your business requires cells/MC

  • It's that simple. Buy a wall charger (if you need to charge the phone during the day) and keep the thing completely off the grid at work. There's no way I would connect a storage device to my company network. They tend to frown on that kind of thing.

    So where's the problem?

  • Is it fair? Sure. But if they want to ban your phone in their office, politely tell them you are quite fairly banning their office on your phone. No work after 5, no emails over the weekend, no contact over holidays; that stick goes both ways and if you can't bring your life to work you shouldn't have to bring your work into your life.

  • should be allowed the use of smartphones.
  • MobileIron (Score:5, Interesting)

    by hagrin (896731) on Monday January 07, 2013 @11:58AM (#42505527) Homepage Journal
    We are actually in the midst of going through something similar at my company (a very open, not secretive environmental firm). We recognized through employee surveillance and traffic logs that cell phones were a huge security risk at our firm and the decision was made to control as much as we could while still maintaining our "Mom & Pop" company feel.

    We switched all of our cell phones from one carrier to ATT and we purchased the MobileIron software (VPS and Sentry) to control all the aspects of the company phones that enter our buildings. In addition, for the people who chose the monthly subsidy as opposed to a company phone, we prevent them from getting WiFi access from within our offices as best we can (MAC whitelisting isn't foolproof but helps with 99% of our users). We don't allow the non-company provided phones to work if they are plugged into workstations via USB cable. With MobileIron I can control basically every aspect of their smartphones including camera control, data usage, app installs, etc.

    Now, we don't have this fully running in production yet so I can't comment on the pitfalls I'm sure to face, but the short answer is workplaces don't necessarily need to ban smartphones as that could actually cripple some business processes; however, they are definitely a security threat that need to be managed just like other corporate and employee owned devices.
  • by xdroop (4039) on Monday January 07, 2013 @01:23PM (#42506603) Homepage Journal

    Part of my job is to advise companies on security policies like this, and I have advised in favor of such restrictions when asked. However this is done out of respect for the end-user's privacy. The reasoning is that there are two conflicting priorities in permitting BYOD use and network access:

    First, as a security officer I have a duty to ensure that the network and all devices connected to it remain secure.

    Second, as an agent of the company I have absolutely no right to dictate to an employee what they must or must not do with their device to prove that it is secure. It is their device which they purchased with their money to use for their own purposes.

    Since I cannot prove that the device is secure without violating their privacy or exerting an unreasonable amount of control over the device, the only resolution is that the device is not permitted.

    If you really need a device, then the resolution to that is to get the company to buy you a device -- at which point the company owns it, and can dictate what security measures are taken.

    At the end of the day, a company pays you to do a job, and as such has the final say over how you do it and what tools you use to do it. It may not be your choice, or the best choice, or even an efficient choice. But that's how they want it done.

    Good employers will listen to their staff and make adjustments and get the tools that their staff need. But it isn't mandatory.

    If you don't like the job, and the employer won't change it to suit you, you have two choices: live with it, or leave.

3500 Calories = 1 Food Pound

Working...