Ask Slashdot: Should Employers Ban Smartphones? 510
An anonymous reader writes "Due to a concern that smartphones (and other electronic devices) could be infected with malware and used to spy on sensitive information, my employer has recently banned all personal electronic devices from their spaces. The concern comes from articles like this one. My question to slashdot readers: How reasonable is this concern? How can this sort of malware be prevented from showing up on our devices? Is there a way to educate employees about preventing this sort of thing rather than banning the devices altogether? This current reality is that people have started to rely on having their smartphones with them at all times for things such as receiving emergency calls from day cares and schools, making personal calls during normal working hours (i.e. to make doctor's appointments), accessing password managers, and scheduling calendar events."
No persuasion required (Score:5, Insightful)
You have asked an audience that knows just how ingrained smartphones are to our everyday lives. The last half of your question is a "given."
The burden of proof is on the employer to show that no other mitigating measure can address the risks. Summarily banning child protecting, emergency-aleviating technology, not to mention the tools with which we coordinate the rest of our lives, is truly bad form and will bite the employer more often than they know.
If you are working with sensitive documents, these people will remove the camera from your iPhone for $20:
http://www.iresq.com/iphone-camera-removal.html [iresq.com]
Want to do the whole office? A 79 cent roll of electrical tape will do the trick.
The problems are solvable and worth solving. That management favors solutions that are simply a matter of writing policy, is in their nature, so don't sit in the dark and bitch, fix the bulb.
Re:No persuasion required (Score:5, Insightful)
The burden of proof is on the employer to show that no other mitigating measure can address the risks.
My current employer has banned all personal cellphones and personal laptops for some time. It is really not that hard to get around, and the burden is not on them to prove anything. You are paid to work and presumably want your job. If not having your pacifier with you at all times makes you that uncomfortable, find a different job. Or you can give out your work number for emergencies or set your cell phone to automatically forward calls during business hours to your desk phone. If you need to make a personal call that you do not want to/cant make from your desk line, go out to your car during lunch and make it.
That management favors solutions that are simply a matter of writing policy, is in their nature, so don't sit in the dark and bitch, fix the bulb.
So if a concern is the microphone on the phone you have no problem filling that with epoxy?
Re:No persuasion required (Score:5, Insightful)
If you need to make a personal call that you do not want to/cant make from your desk line, go out to your car during lunch and make it.
What do you recommend for people who use public transit instead of driving to work?
Occam wanna sell you a razor (Score:4, Funny)
If you need to make a personal call that you do not want to/cant make from your desk line, go out to your car during lunch and make it.
What do you recommend for people who use public transit instead of driving to work?
Go outside and make the call? I mean, how many people are out there working in submarines, underground silos or a bunker in the middle of the Mojave Desert for whom the simplest, most general case solution is not applicable?
Re:Occam wanna sell you a razor (Score:5, Funny)
Re: (Score:3)
So if you are banned from bringing the cellphone in, where do you keep it if you take public transit?
Re: (Score:3)
At the front desk with the guard/greeter for the building?
I'm sure the company would happily set something up for people to check their phones in/out.
Re:Occam wanna sell you a razor (Score:4, Insightful)
That will be fun when one is stolen or misplaced. I am sure the company will love replacing them.
Re: (Score:3)
I'm sure the company would happily set something up for people to check their phones in/out.
What, something that requires money AND accountability to run?
LOL, doubtful they'd set that up voluntarily.
Re: (Score:3)
It's reasonable to ask management for lockers...
Re: (Score:3)
If you need to make a personal call that you do not want to/cant make from your desk line, go out to your car during lunch and make it.
What do you recommend for people who use public transit instead of driving to work?
If your employer is paranoid about security, I'd expect them to have a security desk in the front of the building. If there is a security desk, I'd think that instituting a policy where the guards will trade numbered cards for phones when you enter/exit the building would be reasonable (hint: the cards correspond to numbers cubby holes where your phone is stored safely throughout the day).
Re:No persuasion required (Score:5, Funny)
What do you recommend for people who use public transit instead of driving to work?
Death
I see that you work for the Muni.
Re: (Score:3)
3 or 4?
I would say 80% of our companies call center takes public transit, and at least 25% of the rest of the employees. During summer that number only goes up.
When smart phones are being given away for nothing with service even people who cannot afford or have no use for a car will have them.
Re:No persuasion required (Score:4, Informative)
I live in New Orleans...I guess that qualifies as a city. I've pretty much always lived in a city....but the only people that ride the buses regularly are the bums and lowlifes that can't afford a car.
I mean...why would I want to spend 2+ hours on a bus with some smelly hobos, changing busses a number of times to get to work, carrying my lunch, my backpack, and possibly my gym clothes (close to work), and my work laptop, when I can jump in my car and get there directly in about 10 min or less (I tend to drive VERY fast).
Sure, some cities have mass transit that everyone can use and works, but most cities I've lived in, either you have to ride with the less than desirables....or it is so inconvenient to have to switch buses numerous times, etc, that it just isn't worth the effort for the perceived reward (saving some gas money?).
During rainy season (which is a LONG time here in NOLA, along with the high heat and humidity), I'd not want to be changing busses and running around all the way to work....I'd definitely not very professional coming into work rained on and sweat soaked from my many bus trips to get here.
Re: (Score:3)
Fuck, it's a miracle anybody managed to find their dick to take a piss prior to having a phone the way you idiots talk.
About half of humanity can't find their dick.
And providing a phone is unlikely to change that.
Re: (Score:3)
The world has changed. 15 years ago, in most parts of the US, it was expected in most well-paid jobs that you'd have a car to get to work. Sure, 150 years ago this was an unreasonable expectation, but it's expected now, and as a result, employers have parking lots for their employers to park in. No employer is going to last very long if 95% of their employees need to commute (by car) to work due to the geography and local culture of the area, yet they provide no place for them to park.
Similarly, these da
Re: (Score:2)
Exactly. And if the company can't find anybody competent to fill your role, it's their problem.
The only thing wrong with this argument is that companies always go screamming to the government, asking for help.
Re: (Score:3)
"The only thing wrong with this argument is that employees always go screaming to the government, asking for help."
FTFY.
Re:No persuasion required (Score:5, Insightful)
This whole question is based on a false premise that personal and corporate smartphones can't be managed. The answer is very simple:
Are these work-mandated/provided smartphones that have access to the company e-mail/intranet system? If so, then the company needs to invest in Mobile Device Management (MDM) software like Good, MobileIron or even a BlackBerry BES and lock down which apps end users can install, what can be downloaded or forwarded, etc.
Are these personal smartphones? Don't provide any access to the company e-mail/intranet or any other system on non-company devices so whatever malware you decided to install has no impact on the company.
Whether personal smartphones are allowed in a business should not even be a question unless you work in an environment where employees taking pictures of documents, people or facilities is a security risk (the government has a lot of these environments), and generally in those cases you are not allowed electronic devices in those restricted facilities, period - work or personal.
BTW the linked Washington Times article (quality news source, there) describes a proof of concept app but does not describe the platform(s), attack/delivery vectors or anything else about how you would actually hijack a phone in this way. I'm pretty sure it wouldn't get approved in Google Play, the iOS App Store, or any other reputable app source. So if your employers are afraid of that, then they need to up their med dosages.
Re:No persuasion required (Score:4, Informative)
That's an answer straight from the 80s, back when admins thought they should control everything on the network.
In the modern world you want a remote destop (via a product from VMware, Citrix, etc). The users can bring any damn device they please, virus-infested nasty things that they are, but the only access they have to corporate services is a remote desktop connection to a VM in the datacenter.
BYOD is the corporate future. The safe, modern solution is to send "pixels, not files" to those devices, so there's no data at risk.
Re: (Score:3, Insightful)
That sounds like an awful company to work for. Fact is, employers demand longer and longer hours for less pay. People still need to do other shit in their lives despite those demands. So a complete ban on personal computers, personal internet use is just controlling and mean. Enlightened employers get higher productivity from their staff by just not being dicks. Not so hard to work out, is it?
Re: (Score:3)
None of the devs here are. They will surely fuckup the machines. Even faster than a normal user.
That is exactly what happens when devs are given admin/root. They will install stuff for home and even cracked software to use at work if they like that version better. They never think of the security or legal implications of doing that.
Re:No persuasion required (Score:4, Informative)
In places where desktops are locked down for software install, with choice of images as the only way to get software, trying to support devs usually isn't even on the radar. There's always some tool or utility specific to one dev's preferences that really will make him more productive.
In places where desktops aren' locked down, any decent dev will have root anyhow, soon as he gets around to it. Although, giving Linux devs Windows dev machines would be a particularly evil way to delay the inevitable.
My favorite story is of a group os devs where IT insisted that SMS (the old MS management client, not the mesaging tool) be running on every desktop so that they could inventory and push software to the devs at will. Of course, that started an arms race with the devs getting ever more clever with deleting the SMS client, until managment handed out dire threats to anyone caught deleting it. At which point, thanks to backchannels, an internal test version of SMS (that would respond successfully to any server requests with scripted answers) somehow made it out of MS and into the devs hands. IT never twigged to the substitution.
I've been known to virtualize the image IT insisted I use, so that everything looked just fne to them via their tools, while I could get on with my job using the rest of the machine.
Re:No persuasion required (Score:5, Informative)
My company does a lot of DoD work. The policy is: no personally owned electronics may connect to company assets. Ever. We can have personal smartphones (but no notebooks or tablets) as long as they do not have a functional camera. For Android phones the only option is to remove the camera or JBWeld over the lens. For my new iPhone the local AT&T store enabled restrictions on the camera with a password only they know and gave me a letter as such. That's good enough for our security folks. It's not a perfect situation as disabling the camera kills things like having Siri dial phone numbers for me (as apparently that somehow involves Facetime) but it's better than any sort of destruction. Plus I was able to get the camera un-disabled (yeah, I know) when I went on vacation for a week and then have it re-disabled.
Re:No persuasion required (Score:5, Informative)
Your company may be in the minority (on the conservative end of the spectrum). I've worked for several different DoD contractors over the years, and once they got past the "OMG phones cameras run RUN" stage, they all figured out how to allow personal cellphones, even with cameras, into the main plant area. There are rules, carefully enforced, about maintaining airgaps (and no WiFi) between personal and corporate networks, etc. There's no reason, other than panic or deep-seated distrust of your entire staff, to ban personal devices in the workplace.
Re:No persuasion required (Score:5, Insightful)
Summarily banning child protecting, emergency-aleviating technology
What happened to giving them your work place number like you know, your parents did? Children were just as safe before smart phones...
not to mention the tools with which we coordinate the rest of our lives
I don't agree with this at all. 10+ years ago we didn't use smart phones and we coordinated the rest of our lives just fine.
The problems are solvable and worth solving. That management favors solutions that are simply a matter of writing policy, is in their nature, so don't sit in the dark and bitch, fix the bulb.
I think management just wants you to do your job and not have you sit there browsing facebook on your phone, texting your friends or calling for appointments while you are getting paid.
Re:No persuasion required (Score:4)
It's quite a different world ten years ago.
Re:No persuasion required (Score:5, Insightful)
It's quite a different world ten years ago.
The technology may be different, but the mechanics of our daily lives haven't changed much since the wired telephone, refrigerators, and cars became ubiquitous.
Re: (Score:3)
No, really it isn't.
Re: (Score:3)
10+ years ago we didn't use smart phones and we coordinated the rest of our lives just fine.
What are you doing on /.? Back when I was in high school, there was no public Internet access, and we managed just fine!
Times change. Expectations change. Communication mediums change. There are technologies available to allow BYOD in a safe manner; we are starting to look into such tech where I work, since we understand that, like it or not, employees WILL be bringing smartphones and tablets into the workplace. You can either recognize that people are going to bring their own devices to work and s
Re:No persuasion required (Score:5, Insightful)
Re: (Score:3)
Ten years ago, when I took public transportation to work, then took a cab from work to dinner, I would be able to use a pay phone to make a call that night if necessary.
Now, pay phones are gone, because I and everyone else have cell phones.
Of course, you could go back and point out that in 1924 I wouldn't have access to pay phone for that call either, and I would need to catch a ride home on a trolley for a nickel to check in with the nanny. But that's just as silly as the argument you're making now.
The wo
Re: (Score:3)
Children were just as safe before smart phones...
No they weren't. Violence against children has declined significantly in recent years. It is debatable how much of this is attributable to smartphones, but children certainly were not safer in the "good old days."
Re:No persuasion required (Score:4, Insightful)
Removing smart phones is the easiest and most secure way to handle these issues. The burden of proof is to prove that there exists ways that are just as secure. For example If you work in a DoD environment then you have to accept the possibility that you're not going to be able to bring your device in the building. It sucks sometimes sure but if the risk is information coming in or going out then this helps mitigate it a great deal.
Re: (Score:3)
Re:No persuasion required (Score:5, Insightful)
Burden of proof? WTF is that all about? We have problems with phones in our plant. They haven't been banned - yet. But we have problems with people's attention being distracted from their jobs. An issue that has never been addressed at our plant, is the possibility of "sensitive" and "secret" documents being recorded. Trade secrets are trade secrets, easily recorded and sold to whoever might be interested in them when everyone carries a phone with a camera.
There is no "burden of proof" - if management becomes aware of risk, they can ban anything and everything that they deem to be a part of the risk.
We also suffer from vandalism. So far, it has been confined to physical vandalism of equipment. Some day, some bright boy is going to figure out that he can plug in a WIFI, and use his smart phone to introduce anything he likes to the computerized equipment. The older equipment may not recognize a WIFI device, but the newer machines certainly do.
Bad form, you say? This is the United States, in the year 2012. Management has dismissed half of the lessons ever learned about keeping personnel happy. They don't give a damn about happy employees. There are four or five applicants for every job that opens up. They don't NEED to keep more than some key personnel happy. Even junior management is subject to layoff at any time.
Bad form and burden of proof, you say. Either you are a very lucky person, and have a really great job where management actually thinks about you and your needs - or you're stuck in the mid-1980's. Nowadays, management doesn't even measure their turnover rates among labor, skilled labor, and trades people. Moving up the chain of command, there is a little superficial "caring" shown to the engineers, and a little more "caring" for junior management.
More, the states are backing up employers far more than they did in past decades. I think it was Michigan that just became a "right to work" state. The employer need prove nothing - the employer rules, and you obey. There is no civil right being infringed if the employer bans your electronic toys during work hours.
Re:No persuasion required (Score:5, Insightful)
I know this may come as a surprise to you and the rest of corporate America, but nobody gives a crap about your secret documents. Really, nobody cares at all. Sure, it's fun to play "secret agent man', but nobody is actually clamoring for them.
Most of your double deep dark secret methods and techniques are actually SOP at any company in your field. REALLY! The rest are obvious but only applicable to the particular situation at your company.
If you actually had worthwhile secret documents, someone would have already sold them in exchange for a nice retirement to a tropical paradise somewhere. There was a time when employee loyalty might have prevented that, but it went out the window the day after loyalty to employees did. If your employer REALLY had secrets that were worth anything, it would pay above average, offer generous vacation time and other perks and generally treat it's employees as if they held the future of the company in their hands. But that costs money, so it's out of the question.
Re: (Score:3)
So because management can treat employees like shit, they will. Sounds like a bunch of great people. What ever happened to just being a pleasant person? You know, the whole "do unto others" thing. Yes, I know, making that widget is all that counts in this world. It is after all how you put food on the table.
What a miserable existence. I would rather be dead.
Re: (Score:3)
"Bad form and burden of proof, you say. Either you are a very lucky person, and have a really great job where management actually thinks about you and your needs - or you're stuck in the mid-1980's."
Or he's employed in a first world country other than the US. If that's luck or not, I'll leave up to your judgement.
I do know, as a dutch IT worker cooperating with foreign companies from a few different parts of the world, that I'd never want to work for an American company. Very little vacation, very inefficie
Re:No persuasion required (Score:5, Insightful)
They pay you to work, not to sit at your desk playing farmville or tower defense on your cell phone.
My office has noticed a genuine drop in the quality and quantity of work that gets done by folks who screw around with their cell phones when they're supposed to be working, and has banned them at your desks. Put it on stun, and put it in a drawer. On your own time (breaks/lunches), it's allowed to come out, but as a courtesy to other people who *are* supposed to be working, they ask that any phone calls/whatever you make be done in the hall, lunch room, or outside.
How is that intrusive, or corporate feudalism?
And for any emergencies, I have a company-provided e-mail which can be used, and I have a desk phone which people can call.
Re: (Score:3)
I believe you missed the point about the "Guilded Age."
"Gilded" means to be covered with gold, which would make no sense in the context of the post.
He (assuming from a username of "jedidiah") was making a play on words to indicate that we are returning to a time of the medieval guilds, referencing his statement of "corporate feudalism" from the previous statement.
Re: (Score:3)
He meant guilded... Like a pack animal with its happy bits cut right the F* off.
I think you mean gelded.
Re:No persuasion required (Score:4, Insightful)
You would be out of a job soon. Threaten me with violence and HR and the police will be hearing about it. I would also be calling my lawyer to prepare for that hostile workplace/unlawful termination suit.
Re: (Score:3, Insightful)
Re: (Score:3)
He is no ones manager, just another internet toughguy. Here in reality HR gets rid of lawsuits waiting to happen ASAP.
Re:No persuasion required (Score:5, Insightful)
That is the tradeoff from expecting people to take care of business during personal time.
It cuts both ways. You want me on call 24x7 for a week and available if you really need me other times, then I will be making personal calls on the clock.
No (Score:5, Insightful)
Ban of outside laptops (Score:5, Informative)
Would you ban laptops at work for the same reason?
A lot of businesses do in fact ban laptops that aren't company-owned.
Re:Ban of outside laptops (Score:5, Insightful)
A lot of businesses do in fact ban laptops that aren't company-owned.
Exactly. You have a work phone number in exactly the same way that you have a work computer.
I don't really think "but daycare and school" makes for a compelling argument.
They have your work number on file, let them use it.
All the other reasons listed are ones of convienence, not necessity.
Re:Ban of outside laptops (Score:5, Informative)
All the other reasons listed are ones of convienence, not necessity.
Almost certainly. That said, all employees expect a certain amount of convenience, which varies greatly by situation.
I'm an IT guy. If a company I worked for started with the, "no smartphones at work" thing just because they wanted to make sure they were getting every last second of productivity out of you, whilst working you overtime for no additional pay (as this rule will almost certainly be, every time), I'd add it to a list of reasons to go elsewhere.
As with most things, it's not necessarily one thing that makes you leave... it's a lot of things adding to employee dissatisfaction.
Re:No (Score:4, Informative)
Re:No (Score:5, Interesting)
Re: (Score:2)
I'm glad I've never worked for a company like that.
I've worked somewhere a tiny bit like that, but they were still allowed to give out everything except "sudo bash" access. The sysadmins knew that it was effectively equivalent. But they generally knew that anyone who could figure it out could root the machine anyway should they need to. So they stuck to the letter of the rules very closely.
And for some reason laptops didn't have the same rules as desktops. Neither did embedded kit. So I had one workstation
Suck it up. (Score:2, Insightful)
Re: (Score:3, Insightful)
" You get paid to work, not deal with personal matters."
Amen brother!
This view illustrates that people at work are busy organizing their private lives, making doctor's appointments, calling family, brokers, schools, daycare, tweeting nonsense and updating their online presence and other crap instead of doing their fucking job and they apparently feel entitled to it.
Re:Suck it up. (Score:5, Interesting)
As long as my job pays me for every minute they intrude into my personal life or past the 8 hours a day I owe them, sounds fine with me.
Re: (Score:3, Insightful)
No, it most certainly is not. Salary negotiated by both parties is indeed enough compensation because you were involved in its negotiation. The number of hours per week you owe to your employer is part of your employment contract. Beyond that contract is not covered and therefore NOT COVERED. I am happy to go above and beyond for a company I enjoy working for, but my rights are my rights.
Re: (Score:2, Insightful)
No, I'm on salary. I get paid to make my skills available to my employer and complete the work I need to do. If you want to pull that bullshit you make me hourly, and do not bother me outside the 9-5 unless you want me to bill you for it. Oh, and expect the additional annoyance from me like reimbursement for all the home electrical power being used to charge your company cellphone and run my company laptop. Ditto for ISP charges.
Asshat.
Re: (Score:2)
" You get paid to work, not deal with personal matters."
Amen brother! This view illustrates that people at work are busy organizing their private lives, making doctor's appointments, calling family, brokers, schools, daycare, tweeting nonsense and updating their online presence and other crap instead of doing their fucking job and they apparently feel entitled to it.
Your forgot /.
Re: (Score:3)
Sure, no problem, if you live in the 50s and have a nonworking wife who doubles as a personal servant. Absent of that, I'm sure the company won't mind paying for a personal concierge to manage my doctor appointments, arrange for the plumber and/or electrician and go to my house and wait for him, her or it until arrival in that 4 hour window, pick up the kids from school, take care of them when they're sick, pick up the car when it's ready.
A smart phone is a cheap solution. Texts are quicker and more concise
Re:Suck it up. (Score:5, Insightful)
Am I too old or something? We always ran our personal lives from work, but it used to be a lot more invasive. You couldn't take care of many things online, so you had to leave work during working hours to take care of it. Any time you needed customer service, you had to use the telephone at work. You'd have errands to run, so you would either come in late, take an extended lunch, or leave early. Expecting a call? You had to hover near your desk so that you wouldn't miss it.
I won't defend tweeting, updating Facebook, and the like - but I think that most employers recognize that letting people take care of some personal stuff while at work ultimately improves productivity.
Re: (Score:3)
Re: (Score:3)
A question I get nearly every time I make a Dr appointment. "And why are you coming to see Dr zzzzzz" No, I'll leave my desk and use my cell phone when I make my Dr appointments. My health concerns are not my coworkers business.
Re:Suck it up. (Score:4, Funny)
You usually have to repeat yourself several times before finally loudly yelling "Hemorrhoids!"
Yeah, and my doctor keeps telling me he can't do anything about my boss.
Actually... (Score:2)
A lot of people I know are using their personal smartphones for work, including me. Check on a server, bring up an app. Check out the WiFi, bring up another app. I have tons of apps on my personal phone that have saved countless hours diagnosing issues
Fact is, an awful lot of employers should be kissing our asses for using our own personal devices to be more productive at work.
Re: (Score:3)
Question: Did you post that response on Slashdot from work?
Re:Suck it up. (Score:4, Insightful)
Surprisingly smartphones have not been around forever and little Johnny & Sally still managed to make it thru daycare okay.
You make it sound as if the advent of smartphones was the only thing that changed since the fifties. Guess what, people are now required to be "time flexible", and I guess the society changed in many other ways that make it desirable to be reachable.
If there's an EMERGENCY, outsiders can call your employer's main number and ask for you. You get paid to work, not deal with personal matters.
And that switch to the desk phone makes that call somehow...impersonal?
Re: (Score:2, Informative)
surprisingly, brains have not been around forever and your great^1023 ancestors
got along just fine with no brains at all. they just used basic metabolic pathways.
c'mon. life moves on. eventually you'll have to change too, our become a
dinosaur.
What a good little slave you are (Score:5, Insightful)
My god, this attitude is amazing, what primitive part of the world did you grow up in? Most normal employers realize that work and private live are not so easily seperated and simply allow the two to intertwine. If I ask someone to stay late because of deadlines, can I then deny them time to make calls during office hours to arrange private things? Hell, this must be an American thing. Do you also object to people using the company printer?
Of course, normal people realize there is a line, you can print out a form, your CV is a bit touchy and you do NOT print out a thousand copies of your novel but come on!
If your tried that master slave attitude in Europe, you would find yourself soon with no employees left.
Unless there is a VERY real need for security, everyone carries a mobile phone with them in Europe. The idea you shouldn't answer a personal call during office hours is just so 19th century. Come on, join us in the future, we got cookies!
Ten to one this gti_guy doesn't have a job, lives in a trailer on government assistance and whines about all those leeches living of the state.
People good enough at their job to have one know they are valuable and companies are willing to keep them happy.
Re:What a good little slave you are (Score:4, Interesting)
No, it's certainly not an "American" thing. It's a bunch of indignant unmarried, childless aspies who've never actually faced the problem spouting off about their "issues" with policies like this. And I'm pretty sure there's no national boundaries for that.
Most employers have a "reasonable personal use" policy. If you're spending hours on the phone gossipping with your neighbors, then yeah, you'll probably be talked to. Have to take a short break to call the doctor's office to schedule a checkup? Call your wife to ask her to pick up the kids because you're going to be stuck at the office a little later than expected? Call the plumber to come fix that frozen pipe? Arrange with UPS to pick up the package at their delivery center since you won't be home to receive it? Get a call from daycare to let you know that little Johnny just had an allergic reaction?
These are all typical things you might need to do during the day, and these are all typical things that corporate "acceptable use policy" will deem "acceptable use," except for certain very specific cases - i.e., DoD contracting, very very secret "trade secret" work, etc. Most companies won't allow you to connect personal devices to the corporate network, but more and more of them are setting up secondary "internet only" networks for phones, tablets, personal laptops, and the like. This concern about "they could hijack your phone and take pictures of your facility and map the interior!" is silly for anybody who doesn't work in a top secret facility.
Here's an easy rule of thumb test: if you can bring your kid into your office and let them sit around there with you... you don't need to restrict cell phone use.
Re: (Score:3)
I hear this argument a lot when the topic of personal calls / errands during work hours comes up. And it’s true of course. the real question is how your employer establishes that you have fulfilled the day’s obligations. Have you done what was asked of you? Or have you kept your seat warm for 8 hours? The two are not the same.
There are some employers who are very clear on this: they expect you to work for 8 hours, no personal stuff al
Re: (Score:3)
Re: (Score:2)
So, your workplace have no phone? I always had a phone on my desk.
Welcome to 1992. The last three companies I worked for (AT&T, Nokia, and a startup) did not have desk phones. They're dinosaurs.
what about people in the feild who use them for wo (Score:3)
what about people in the field who use them for work???
also useing a smart phone is cheaper then cell phone + data card in a laptop.
Re:what about people in the feild who use them for (Score:4, Informative)
Re: (Score:2)
If you're allowing BYOD for company use you're asking for problems, but that too is manageable with the proper software containerization.
Betteridge's law of headlines. (Score:3)
Re: (Score:2)
Someone has to say it, may as well be me. What is this MSN?
Nope. It's a serious news source: The Washington . . . Oh, wait. Nevermind.
Re: (Score:2)
No, but this is "Ask Slashdot" (ask.slashdot.com) -- I do expect the headline to contain a question and the answer to not always be "no."
I read something about... (Score:4, Insightful)
For unrelated/unregulated industries, this approach is unreliable, impractical, unprofitable, and let's face it, just plain stupid.
depends where you work (Score:4, Insightful)
if you work in a sensitive area then expect high security
if you work for a US GOVERNMENT agency around classified information then you're probably following these rules already
if you work in a start up with cool tech you might expect something like this
if you work in your average workplace no one is going to care
How reasonable is this concern? (Score:5, Informative)
How reasonable is this concern?
Very reasonable, if your employer is a CA. Not at all reasonable if your employer sells hubcaps. Need more info.
How can this sort of malware be prevented?
Educate employees. (But your next question shows that you already know this.)
Is there a way to educate employees...?
Yes. Employees are not algorithms. That's why we employ them instead of just computers.
This current reality is that people have started to rely on having their smartphones...
Yes, if you want effective employees, you should allow them to use their brains, as well as extensions that make them more effective.
Do you have any questions that lack obvious answers--perhaps something worth discussing in a forum?
There are solutions, and the users would complain (Score:3)
It is entirely possible to allow employees to have their smartphones and even notebooks, while keeping them isolated from the company's main network. I did this once for a client. It is not trivial but it is also not magic.
However, after some time, the complain about people not being able to use those equipments to have full access started piling up, to a point it was decided it would be a lesser problem just to ban them.
What people need to understand is that they are inside a company, not their homes. Yes, it can be interesting to the company to allow some accept and freedom, thus improving morale and productivity, but controls are needed, both for security and legal reasons. That is unaccepted to enough people to make it not worthy for the companies to implement.
Email/calendars in the corporate world (Score:2)
This brings up the entire philosophical debate on how much more (or less) productive everything makes people who now no longer have the luxury of checking out, having a singular focus,
Paid to WORK (Score:2)
I routinely visit a location like this
You're forgetting that you're being paid to WORK
It Depends... (Score:4, Interesting)
If you're working on material or systems that are classified, or something akin to the iPhone 6, then yeah. Letting *any* communications device into the work area is a very bad idea. You are being targeted. Probably very specifically, too.
If you're not working on anything of that nature, then probably not. Who cares if anyone sees the inside of your office? Or hears you talking sports scores? It's creepy as Hell, and you should probably be more worried about the fact that someone is mucking around inside your phone, listening to you.
The exception to this, is when you walk by some moron's desk, and they have their smartphone plugged into the USB port of the computer, MOUNTED AS A HARD DRIVE.
A computer which is inside the company firewall.
Sometimes, you just have to assume the lowest common denominator, because convenience in listening to an MP3 collection will always trump common sense.
Back a few decades ago .... (Score:5, Insightful)
I would consider them (Boeing) and others in their line of business to have about the most conservative position on such technology. Seeing as how they have pretty much given up on such rules, I don't see how any other employers expect to get away with them.
Also, if employees are going to steal proprietary data (for which I'm sure there is a company policy prohibiting said activity), sneaking a camera, USB drive or whatever onto the property in violation of rules is not going to be a deterrent.
Good luck (Score:5, Insightful)
Re: (Score:3)
Bring your cell phone to work. Just don't connect it to the company network.
Not just malware that is an issue (Score:5, Informative)
We were have some pretty bizarre network problems in our office one day - some machines were able to connect to our db server whilst some couldn't, and other could intermittently. Long story short*, somebody's smartphone (Android in this case) was responding to ARP requests (requesting the MAC of the server) even though it was showing its IP address as being assigned by DHCP. I reckon its previous IP on the user's home network was the same as our server, and for some reason kept answering to them.
*Once I realised that packets didn't seem to be making it to the server (pings were intermittent), it dawned upon me to check the ARP tables on the clients. Looking up the manufacturer of the MAC address didn't immediately help as I didn't recognise the name, though I assumed it was a phone. At that stage I wasted time looking through all the phones looking for an IP address conflict (bad assumption). Finally looked up the DHCP leases for the offending MAC, found it's current IP (no hostname was provided by the client), found the offending phone, and very nearly shoved it the arse of the owner.
People are thinking of things wrong (Score:2)
1 you don't have a "cell phone" you have a Mobile Computing Device (that does phone calls)
2 you don't have to be connected to your personal/business world 24/7/52
for the lower end get a metal box of some sort line it with paper and then for a few hours a week put your MCP in the box and CLOSE it
for the 1% folks get somebody to line an old cigar box with metal and then silk and a few hours a month put your MCP in the box and close it.
and no but then BYOD policies are STUPID if your business requires cells/MC
Don't connect to the company network (Score:2)
It's that simple. Buy a wall charger (if you need to charge the phone during the day) and keep the thing completely off the grid at work. There's no way I would connect a storage device to my company network. They tend to frown on that kind of thing.
So where's the problem?
As ye reap (Score:2)
Is it fair? Sure. But if they want to ban your phone in their office, politely tell them you are quite fairly banning their office on your phone. No work after 5, no emails over the weekend, no contact over holidays; that stick goes both ways and if you can't bring your life to work you shouldn't have to bring your work into your life.
Only the IT department... (Score:2)
MobileIron (Score:5, Interesting)
We switched all of our cell phones from one carrier to ATT and we purchased the MobileIron software (VPS and Sentry) to control all the aspects of the company phones that enter our buildings. In addition, for the people who chose the monthly subsidy as opposed to a company phone, we prevent them from getting WiFi access from within our offices as best we can (MAC whitelisting isn't foolproof but helps with 99% of our users). We don't allow the non-company provided phones to work if they are plugged into workstations via USB cable. With MobileIron I can control basically every aspect of their smartphones including camera control, data usage, app installs, etc.
Now, we don't have this fully running in production yet so I can't comment on the pitfalls I'm sure to face, but the short answer is workplaces don't necessarily need to ban smartphones as that could actually cripple some business processes; however, they are definitely a security threat that need to be managed just like other corporate and employee owned devices.
I Advise On Security Policies Like This (Score:3)
Part of my job is to advise companies on security policies like this, and I have advised in favor of such restrictions when asked. However this is done out of respect for the end-user's privacy. The reasoning is that there are two conflicting priorities in permitting BYOD use and network access:
First, as a security officer I have a duty to ensure that the network and all devices connected to it remain secure.
Second, as an agent of the company I have absolutely no right to dictate to an employee what they must or must not do with their device to prove that it is secure. It is their device which they purchased with their money to use for their own purposes.
Since I cannot prove that the device is secure without violating their privacy or exerting an unreasonable amount of control over the device, the only resolution is that the device is not permitted.
If you really need a device, then the resolution to that is to get the company to buy you a device -- at which point the company owns it, and can dictate what security measures are taken.
At the end of the day, a company pays you to do a job, and as such has the final say over how you do it and what tools you use to do it. It may not be your choice, or the best choice, or even an efficient choice. But that's how they want it done.
Good employers will listen to their staff and make adjustments and get the tools that their staff need. But it isn't mandatory.
If you don't like the job, and the employer won't change it to suit you, you have two choices: live with it, or leave.
Device administration software (Score:2)
Dogfooding where everyone's an app tester (Score:2)
Verizon and Sprint do not use CSIM (Score:2)
Guess what? Your normal "dumb" phone can do that.
Only in countries where it is common practice to share one SIM between two different phones, a "dumb" phone carried to work and a smartphone used elsewhere. In the United States, on the other hand, Verizon, Sprint, and MVNOs using either of their networks do not use CSIM cards; instead, they program the subscriber identity directly into the handset.
Re: (Score:3)
No, it is not. For several reasons.
First of all, insurance companies explicitly tell customers *NOT* to leave any valuables in their automobile.
Secondly, auto-insurance does not cover any property stolen from an automobile anyways, and personal property insurance often doesn't generally cover things left in an automobile while you are at work anyways unless you are paying on a special (and much more expensive) plan that exp