Just recently, my iPad tablet was stolen from my car. At the time, I had it powered on with my business email account open. Within an hour, I was able to get my service provider to remotely wipe it clean of all data.
While I lost the information and photos I had on the tablet when I wiped it clean, doing so was my choice to make. But in some workplaces, the decision wouldn’t have been mine. An employer could have made it for me.
Mobile is here, and it’s hot. But as more employers embrace the “bring your own device” movement, or BYOD, questions abound over whether the workplace and the worker are ready for the heated issues that are cropping up. Concerns with using personal devices for business purposes range from expectations of personal privacy to how to control security breaches.
“BYOD is like the Wild West — rules are being created and changed on the fly,” said Ilan Sredni, an information technology expert and CEO of Palindrome Consulting in Miami.
A variety of dynamics are driving the trend. Workers are more satisfied when we use our own preferred devices, and using our own tablets, smartphones and laptops saves an employer money in buying and maintaining equipment. A recent study by CIOInsight shows companies where employees bring their own devices to work save an average of $1,000 per year per employee in service costs alone.
With a continuous stream of new technology, many employees want the latest gadgets and ability to balance their work and home lives on their devices — iPhones and iPads or Android- and Windows-based mobile devices. “For me, the iPad is the best on-the-road solution,” said Jeanette Rodriguez, a Boca Raton, Fla., financial consultant.
“I can FaceTime my family or pull up a document from my hotel.”
At some Broward Health System hospitals in South Florida, doctors roam the facilities with their own preferred laptops and tablets, updating patient orders and scouring records online. Jean-Jacques Rajter, a Fort Lauderdale, Fla., pulmonologist and former chief medical information officer at Broward Health, said it’s an advantage to have a portable computer at your fingertips to show an image to a patient with a tap on the screen. He uses a laptop that converts into a tablet, enabling him to review his patients’ office and hospital charts at the same time. He accesses information through a Citrix program that stores information in the cloud, he explained. “No patient information is housed on the device.”
Of course, the hospital has taken security precautions and encrypts the doctor’s personal device so if it is lost or stolen, it will be wiped clean remotely — which protects patient privacy. Even more, if the hospital wants, it can track Rajter’s location through the device. And Rajter must use the hospital system’s user interface designed for desktops, which he said lacks full functionality for looking at charts. “There’s still tremendous room for improvement in the user experience,” Rajter said. “These are the trade-offs for convenience.”
While the hospital has a formal BYOD program, other businesses are allowing it on a more casual, individual basis. And with the surge in smartphone and tablet popularity, employees are bringing their devices to work and tapping into company networks, whether employers permit it or not.
Some organizations are tackling security concerns aggressively, requiring employees to install company-issued security or antivirus software on personal devices to protect corporate data from cyber-thieves in public Wi-Fi locations.
Others take it further, blocking workers from downloading certain applications or using the camera on their devices during the business day. Sredni says he advises his clients to take measures that include limiting the use of document-sharing programs and requiring complex passwords on personal devices. “There are multiple parameters we can set, but this area is so raw. People are hesitant to tell somebody, ‘This is what I want you to fill out to use your phone here in the office.’ ”
In general, research shows security strategies are all over the map — and in some cases, not sufficient or nonexistent. The most important thing a business can do is have a policy around use of personal devices and make employees aware of the sanctions for breaking it, said Mark Stein of Higer, Lichter & Givner in Aventura, Fla., an intellectual property lawyer who specializes in computer and Internet issues.
“The policy has to be relatively easy to enforce and enforced uniformly,” Stein said. That can be a challenge. A Cisco Systems survey of global information technology professionals and young workers found 71 percent of Gen Y workers said they don’t obey IT policies.
Stein says most risk will come from activities employees do on their phones that have nothing to do with their jobs — making discriminatory comments on email, running illegal side businesses online, or posting on social media sites. A policy could ban using the corporate network from a personal device or give the employer the right to search a personal device. It may also need to address who the information on the device belongs to if the worker leaves or gets fired.
“There is not a one-size-fits-all model for policy around BYOD, but if a business isn’t dealing with it yet, it will have to at some point,” Stein said.
Clients are stepping into the conversation, too. The country’s biggest banks and financial institutions are conveying an anti-BYOD message to their law firms, accountants and service providers.
Recently, the global chief operating officer of Goldman Sachs’ legal department said he is concerned over a potential breach in confidential financial information and doesn’t mind if his lawyers have personal smartphones in their pockets — he just doesn’t want them to use the same devices for business.
Home Financing Center of Coral Gables, Fla., a mortgage lender, has a similar concern over keeping customers’ personal information confidential.
It has blocked employees from accessing company information from a personal laptop or mobile device and it restricts employee use of personal cellphones at the office to emergencies only, said John R. Allen, vice president of operations.
But even as companies try to limit BYOD, technology is advancing to make it more practical for workers who argue it increases their productivity. Kevin V. Michael, managing partner of Invizio in Coral Gables, which manages technology for small businesses, says technology already exists that allows users to sign in with a business or personal profile and access different information and applications or add a work phone number to a personal cellphone. “Those technologies to support multiple identities are still evolving, and we expect that to get even better.”
Still, the biggest issues around BYOD may be the ones the employees themselves raise. Does the information on personal tablets or phones go with them to new employers? Does the boss even need to know you’re using your personal devices for work purposes, and if he learns, can he access information on it? And, of course, the ultimate concern is whether employees are owed overtime for their off-the-clock use of mobile devices.
“With a personal device, there’s a traditional expectation of privacy,” said Niza Motola, special counsel with Littler Mendelson in Miami. “Employers may ask workers to sign something that gives them no expectation of privacy.”
Motola said the BYOD trend has made it evident that with the rapid advance of technology, the laws and workplaces haven’t caught up. “The lines are blurred on what’s personal and what’s professional at work, and that’s only going to get more obvious.”