Slashdot Mirror
Ask Slashdot: Should Employers Ban Smartphones?
An anonymous reader writes "Due to a concern that smartphones (and other electronic devices) could be infected with malware and used to spy on sensitive information, my employer has recently banned all personal electronic devices from their spaces. The concern comes from articles like this one. My question to slashdot readers: How reasonable is this concern? How can this sort of malware be prevented from showing up on our devices? Is there a way to educate employees about preventing this sort of thing rather than banning the devices altogether? This current reality is that people have started to rely on having their smartphones with them at all times for things such as receiving emergency calls from day cares and schools, making personal calls during normal working hours (i.e. to make doctor's appointments), accessing password managers, and scheduling calendar events."
You have asked an audience that knows just how ingrained smartphones are to our everyday lives. The last half of your question is a "given."
The burden of proof is on the employer to show that no other mitigating measure can address the risks. Summarily banning child protecting, emergency-aleviating technology, not to mention the tools with which we coordinate the rest of our lives, is truly bad form and will bite the employer more often than they know.
If you are working with sensitive documents, these people will remove the camera from your iPhone for $20:
http://www.iresq.com/iphone-camera-removal.html
Want to do the whole office? A 79 cent roll of electrical tape will do the trick.
The problems are solvable and worth solving. That management favors solutions that are simply a matter of writing policy, is in their nature, so don't sit in the dark and bitch, fix the bulb.
Would you ban laptops at work for the same reason?
What? Are you telling me all the executives and C-level types can't show around their latest iPhones, Galaxies, BlackBerries, etc? Or does it just apply to the minions?
Surprisingly smartphones have not been around forever and little Johnny & Sally still managed to make it thru daycare okay. If there's an EMERGENCY, outsiders can call your employer's main number and ask for you. You get paid to work, not deal with personal matters.
Don't ban smartphones completely, obviously, unless you are working on extremely sensitive stuff or something. I think the more interesting question is apart from providing basic guidelines of what to do and what not to do and have some page with some helpful security tips, shouldn't an employer be able to expect that folks will be smart and not put un-reliable apps on their smart phones? The issue in the article above is the same problem one can have with laptops with webcams right? Or am I missing something here?
what about people in the field who use them for work???
also useing a smart phone is cheaper then cell phone + data card in a laptop.
This current reality is that people have started to rely on having their smartphones with them at all times for things such as receiving emergency calls from day cares and schools, making personal calls during normal working hours
Guess what? Your normal "dumb" phone can do that.
accessing password managers
Really? Surely your employer will allow you to install the damn thing on your work computer.
and scheduling calendar events
Ever heard of this old invention called "paper"? They put a bunch of sheets together, draw grids and numbers and month names on them, and call it a "calendar". If you're really desperate, perhaps you could use the internet access your employer provides to access your Google calendar on your work computer.
If its a nuclear weapons research facility then this isn't that unreasonable.
If its just some normall business then its typical over reaction!
My vote is strongly in the 'no' camp. There are other things I use my phone for while I'm working, like listening to music.
In some very secure areas, like what we have where I work (where banking/financial things are processed), I would say yes. Not so much for the malware, but other information-gathering methods, like cameras and whatnot, that can be used to simply record data on screen.
Someone has to say it, may as well be me. What is this MSN?
I hate sigs.
Would you ban laptops at work for the same reason?
A lot of businesses do in fact ban laptops that aren't company-owned.
Anything that can breach security in a government setting is worth withholding indefinitely until a practical policy can be approved which reduces risk to near zero.
For unrelated/unregulated industries, this approach is unreliable, impractical, unprofitable, and let's face it, just plain stupid.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
if the company provides a suitable phone as an alternative and doesnt cost the employee, its called having a work phone and its the employers responsibility to make sure whatever phones they allow that to be secured in the proper way if needed
There has been many projects that use statistics to create a remote key logger based off of sound or vibrations picked up by the acceleration of the phone. The sound and vibration in the table you make by typing actually can be used to figure out to a high accuracy what you typed. Meaning a virus in your phone could figure out where you work and your passwords. But also, they could use lasers to measure the vibration of the window to pick up the sound waves. Your screwed either way.
I imagine that company-owned smartphones managed by the company's device administration software would be allowed, but no others. Upper-level management and phone sales staff would get these as a perk; those under them aren't supposed to be receiving personal calls on company time anyway.
It entirely depends on how the devices are used. If it is BYOD scenario then education and anti-virus should be the norm.
If the devices are not attached the the corporate network then there is really no issue.
if you work in a sensitive area then expect high security
if you work for a US GOVERNMENT agency around classified information then you're probably following these rules already
if you work in a start up with cool tech you might expect something like this
if you work in your average workplace no one is going to care
How reasonable is this concern?
Very reasonable, if your employer is a CA. Not at all reasonable if your employer sells hubcaps. Need more info.
How can this sort of malware be prevented?
Educate employees. (But your next question shows that you already know this.)
Is there a way to educate employees...?
Yes. Employees are not algorithms. That's why we employ them instead of just computers.
This current reality is that people have started to rely on having their smartphones...
Yes, if you want effective employees, you should allow them to use their brains, as well as extensions that make them more effective.
Do you have any questions that lack obvious answers--perhaps something worth discussing in a forum?
Then why not add "app tester" to everyone's job title and call it dogfooding?
Researchers from the U.S. Naval Surface Warfare Center have developed malicious software that can remotely seize control of the camera on an infected smartphone and employ it to spy
Is your organization one that would likely be the target of a reconnaissance attack by the US Navy? If so, then yes smartphone use should probably be limited because it appears that they have some pretty slick malware at their disposal. If not, then for fuck's sake get a grip. If you don't trust your employees enough to neither keep their phones relatively malware-free AND to not point them at sensitive things (never point a camera at something you wouldn't want anyone else to see, just like you never point a gun at something you wouldn't want to shoot) then you probably need to find new employees (or work on your trust issues).
It is entirely possible to allow employees to have their smartphones and even notebooks, while keeping them isolated from the company's main network. I did this once for a client. It is not trivial but it is also not magic.
However, after some time, the complain about people not being able to use those equipments to have full access started piling up, to a point it was decided it would be a lesser problem just to ban them.
What people need to understand is that they are inside a company, not their homes. Yes, it can be interesting to the company to allow some accept and freedom, thus improving morale and productivity, but controls are needed, both for security and legal reasons. That is unaccepted to enough people to make it not worthy for the companies to implement.
morcego
Yes, these functions can be easily taken care of with a laptop. However with the constant shuffling from meeting to meeting many times the phone often becomes the go-to device when away from the desk. When away from the office, communications in the evening, over the weekends, etc. are becoming increasingly more prevalent.
This brings up the entire philosophical debate on how much more (or less) productive everything makes people who now no longer have the luxury of checking out, having a singular focus, is forced to multitask, etc. but the greater point is if the expectations are for the constant connectivity of employees in a workplace then you have to take the good with the bad.
Is it reasonable? .. absolutely. .. when you go through the metal detector/xray if they see a phone (or anything else with a microphone/camera) it gets confiscated and you get it back when you leave. I don't have any issue with this at all.
.. not attend to personal matters. You have a phone on your desk, don't you? .. I'm fairly certain that in an emergency, someone can call the main number of your employer and say "this is X's daycare, Y just fell down the steps .. we need to speak with Z immediately" and you'll get the call. Remember .. kids survived just fine before cellphones and Google calendar.
.. while it might be technically feasible to create separate networks or require MDM middleware for BYOD it's easier for them to just say "leave it in the car". Think about it .. a simple app can turn your smartphone into a GSM->Wifi bridge, webcam, remote bug, etc. Heck, just this week we reprogrammed a old Android phone and stuck it in a plant to catch somebody stealing out of the office fridge.
I routinely visit a location like this
You're forgetting that you're being paid to WORK
The malware concern is legitimate as well
If you're working on material or systems that are classified, or something akin to the iPhone 6, then yeah. Letting *any* communications device into the work area is a very bad idea. You are being targeted. Probably very specifically, too.
If you're not working on anything of that nature, then probably not. Who cares if anyone sees the inside of your office? Or hears you talking sports scores? It's creepy as Hell, and you should probably be more worried about the fact that someone is mucking around inside your phone, listening to you.
The exception to this, is when you walk by some moron's desk, and they have their smartphone plugged into the USB port of the computer, MOUNTED AS A HARD DRIVE.
A computer which is inside the company firewall.
Sometimes, you just have to assume the lowest common denominator, because convenience in listening to an MP3 collection will always trump common sense.
[End Of Line]
Guess what? Your normal "dumb" phone can do that.
Only in countries where it is common practice to share one SIM between two different phones, a "dumb" phone carried to work and a smartphone used elsewhere. In the United States, on the other hand, Verizon, Sprint, and MVNOs using either of their networks do not use CSIM cards; instead, they program the subscriber identity directly into the handset.
I work in pharmaceutical research. Policy is no cell phone at all, not laptop. No electronics go in and none go out.
I would consider them (Boeing) and others in their line of business to have about the most conservative position on such technology. Seeing as how they have pretty much given up on such rules, I don't see how any other employers expect to get away with them.
Also, if employees are going to steal proprietary data (for which I'm sure there is a company policy prohibiting said activity), sneaking a camera, USB drive or whatever onto the property in violation of rules is not going to be a deterrent.
Have gnu, will travel.
If, after 20+ years of personal computers we still can't stop people from accidentally downloading malware, good luck preventing it on smart phones and other portable devices. The problem is, and always will be, the ignorance of the user.
People in the field would have a device provided by the company, because the employee would be billing back all related expenditure (data and voice) to the company anyway. That device would be locked down by the IT dept; Both Android and iPhone support device policies and central management now, and BlackBerry was designed for this use.
Finally had enough. Come see us over at https://soylentnews.org/
Then it's a company-issued phone with company-controlled software. That means no angry birds or other goofing-off apps.
If you're allowing BYOD for company use you're asking for problems, but that too is manageable with the proper software containerization.
A lot of people I know are using their personal smartphones for work, including me. Check on a server, bring up an app. Check out the WiFi, bring up another app. I have tons of apps on my personal phone that have saved countless hours diagnosing issues
Fact is, an awful lot of employers should be kissing our asses for using our own personal devices to be more productive at work.
We were have some pretty bizarre network problems in our office one day - some machines were able to connect to our db server whilst some couldn't, and other could intermittently. Long story short*, somebody's smartphone (Android in this case) was responding to ARP requests (requesting the MAC of the server) even though it was showing its IP address as being assigned by DHCP. I reckon its previous IP on the user's home network was the same as our server, and for some reason kept answering to them.
*Once I realised that packets didn't seem to be making it to the server (pings were intermittent), it dawned upon me to check the ARP tables on the clients. Looking up the manufacturer of the MAC address didn't immediately help as I didn't recognise the name, though I assumed it was a phone. At that stage I wasted time looking through all the phones looking for an IP address conflict (bad assumption). Finally looked up the DHCP leases for the offending MAC, found it's current IP (no hostname was provided by the client), found the offending phone, and very nearly shoved it the arse of the owner.
1 you don't have a "cell phone" you have a Mobile Computing Device (that does phone calls)
2 you don't have to be connected to your personal/business world 24/7/52
for the lower end get a metal box of some sort line it with paper and then for a few hours a week put your MCP in the box and CLOSE it
for the 1% folks get somebody to line an old cigar box with metal and then silk and a few hours a month put your MCP in the box and close it.
and no but then BYOD policies are STUPID if your business requires cells/MCPs then ISSUE THEM
Any person using FTFY or editing my postings agrees to a US$50.00 charge
It's that simple. Buy a wall charger (if you need to charge the phone during the day) and keep the thing completely off the grid at work. There's no way I would connect a storage device to my company network. They tend to frown on that kind of thing.
So where's the problem?
Is it fair? Sure. But if they want to ban your phone in their office, politely tell them you are quite fairly banning their office on your phone. No work after 5, no emails over the weekend, no contact over holidays; that stick goes both ways and if you can't bring your life to work you shouldn't have to bring your work into your life.
I live in constant fear of the Coming of the Red Spiders.
A properly managed wifi infrastructure should mitigate most of the concerns.
We normally roll out Internal, Internal Limited Access (eg to internal mail gateway or intranet only for pool devices) and Guest wifi AP’s.
Phones, tablets and non corporate-controlled notebooks get guest AP access only, so that any internal access is through normal firewalled routes. All wifi access is via firewalled connections, even internal.
Good luck getting smart/skilled people to work for you -- anyone with half a brain (and/or a shred of self-respect) wouldn't subject themselves to such a workplace for half of their waking hours.
should be allowed the use of smartphones.
We play the game with the bravery of being out of range
The assumption that you can't just leave your smartphone in your car is absurd.
This current reality is that people have started to rely on having their smartphones with them at all times for things such as receiving emergency calls from day cares and schools
If only you had a phone at your desk and work and could give out this "work number" like people have been doing for about, oh, a hundred years?
making personal calls during normal working hours (i.e. to make doctor's appointments)
Pick up the phone at your desk and dial.
accessing password managers
This is pretty absurd. There's a few million people in this world who don't require a password manager on their PERSONAL PHONE.
and scheduling calendar events
Jesus H Christ, get off facebook and get back to work. What is this world coming to.
EVERY worker does not have "a desk", in fact less than 10% of the workers at my present workplace do NOT have "a desk", they have toolboxes on wheels.
Your experience does NOT define ALL reality.
GET OVER YOURSELF!
If you are going to ban cell phones ban them. Don't single out "smart phones" that to me just seems silly. A lot of jobs probably require to some degree that people have their cell phones though, but we are entering an era where there will be nothing but smart phones. An exercise in futility to ban them I'd say.
We are actually in the midst of going through something similar at my company (a very open, not secretive environmental firm). We recognized through employee surveillance and traffic logs that cell phones were a huge security risk at our firm and the decision was made to control as much as we could while still maintaining our "Mom & Pop" company feel.
We switched all of our cell phones from one carrier to ATT and we purchased the MobileIron software (VPS and Sentry) to control all the aspects of the company phones that enter our buildings. In addition, for the people who chose the monthly subsidy as opposed to a company phone, we prevent them from getting WiFi access from within our offices as best we can (MAC whitelisting isn't foolproof but helps with 99% of our users). We don't allow the non-company provided phones to work if they are plugged into workstations via USB cable. With MobileIron I can control basically every aspect of their smartphones including camera control, data usage, app installs, etc.
Now, we don't have this fully running in production yet so I can't comment on the pitfalls I'm sure to face, but the short answer is workplaces don't necessarily need to ban smartphones as that could actually cripple some business processes; however, they are definitely a security threat that need to be managed just like other corporate and employee owned devices.
Hagrin.com
My god, this attitude is amazing, what primitive part of the world did you grow up in? Most normal employers realize that work and private live are not so easily seperated and simply allow the two to intertwine. If I ask someone to stay late because of deadlines, can I then deny them time to make calls during office hours to arrange private things? Hell, this must be an American thing. Do you also object to people using the company printer?
Of course, normal people realize there is a line, you can print out a form, your CV is a bit touchy and you do NOT print out a thousand copies of your novel but come on!
If your tried that master slave attitude in Europe, you would find yourself soon with no employees left.
Unless there is a VERY real need for security, everyone carries a mobile phone with them in Europe. The idea you shouldn't answer a personal call during office hours is just so 19th century. Come on, join us in the future, we got cookies!
Ten to one this gti_guy doesn't have a job, lives in a trailer on government assistance and whines about all those leeches living of the state.
People good enough at their job to have one know they are valuable and companies are willing to keep them happy.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
No, it most certainly is not. Salary negotiated by both parties is indeed enough compensation because you were involved in its negotiation. The number of hours per week you owe to your employer is part of your employment contract. Beyond that contract is not covered and therefore NOT COVERED. I am happy to go above and beyond for a company I enjoy working for, but my rights are my rights.
Enron used to keep their fax machines locked up to prevent "espionage". Of course, we all know why they did that.
Only works as a phone, not even a camera on it. Costs me $7 a month.
It also lasts 4 days on a battery charge.
The concept only worked from 1876 till....
Banning them from connecting to your network is completely reasonable. Banning them from being physically in the office is both unreasonable, and ridiculous. Pew did a study in aug 2011 that said 35% of adults have a smartphone. The numbers are obviously much higher in Jan 2013, and higher among office workers. Do you really think you stand a chance of banning anything that eventually everyone is going to have?
If you try to ban smartphones, you'll lose eventually. The people in charge will just tell you were to stick it.
The internet access on the phone is paid for by the individual, the company doesn't have to pay for it, so why is it any business of the company that it has "unregulated internet access"?
As long as the device isn't connected to an internal company PC in such a way as to make the phone a "wireless router" to allow the company's computer access the internet without the company firewall and protection, safeguarding THEIR equipment, its access is immaterial.
If the company wants to make people buy a second phone for work, then maybe the company ought ot buy one for them, sim unlocked, so they can use it.
I have opposite problem. I left me cell as an emergency contact on my out of office reply, and now boss man keeps using it instead of either me desk phone, email, or the lab phone. I previously strictly only answeered calls from my wife (who knows only to call me for very important issues during the day), and had previously not read text until the end of the day. I've missed enough impromptu meeting he called via text message that I had to take that off of silent, which is very annoying for all the other texts that come in during the day. Several gentle "cease and desist" conversations have not gotten through. I am tempted to send him a bill to see if that gets through.
"What happened to giving them your work place number like you know, your parents did?"
The companies complained about users "abusing" their kit by using the phone for personal reasons.
Dilbert has several times illustrated this problem. Usually Alice (who has kids). The secretary is too powerful to be told off for this.
... usually is the kind that force users to have windows and to use outdated versions of internet explorer (because some specific internal app depending on it) and Outlook and enables internet browsing. Or not enable internet browsing for most employees, but surely he does it in his window pc, and/or enables non-it managers to do it, connected at the same time with the most critical networks of the company. And, of course, there is always the point to VPN/internal portals connections from his home or whatever access point that he finds outside, again, from his personal windows computer/pc/tablet. Extra points if connects with secure networks/protocols like vpns, https, or ssh, from unsafe computers, saying that anyway the communication is all encrypted.
Cellphones are a threat, but a far less probable ones than all those scenarios so far. In fact, those managers are a bigger threat than cellphones.
As a "mobility specialist" working on BYOD efforts... only one of the four major smart phone OSes was designed with enterprise usage in mind. Their security is crap. Their implementation of what security features they do offer is crap. Integration with existing laptop/desktop security systems is even worse.
It costs more to implement BYOD (Bring-your-own-device) than it would cost to give each employee a smartphone (including data plans).
The only reason people are seeing big pushes for BYOD acceptance is that it's being pushed top down from the executives in love with their "Executive Bling".
If this was about the lower ranks, you'd see a lot more "just ban them all" approaches.
No, if you are professional staff (meaning EXEMPT) you work until the job is done. There is no overtime.
.. the policy is simple .. for this job, you must be reachable if you are on-call. We don't care HOW you are reachable, but you must be reachable.
For those that say "if you want me to be on-call, you need to give me a toy"
What does that even mean?
Banning any non-corporate device from connecting to any corporate network/device? Fine, that's pretty much what i expect from a serious company.
Banning the personal usage of a private smartphone? Not gonna happen.
I have only one question:
Do they allow outside email to reach you?
Actually, that goes for preservation of secret information, too.
In either case, the greatest security concern is the meat they call the employee. Hardware is easy to secure by comparison.
If you need to make a personal call that you do not want to/cant make from your desk line, go out to your car during lunch and make it.
What do you recommend for people who use public transit instead of driving to work?
Go outside and make the call? I mean, how many people are out there working in submarines, underground silos or a bunker in the middle of the Mojave Desert for whom the simplest, most general case solution is not applicable?
They're cheap. I've managed to live without a "smart" phone for a very long time. Yes, they have some nice features, but nothing I cannot live without. And yes, your employer is perfectly justified in banning personal electronics on company property or a company functions. He does, after all, pay your salary.
all it takes is for some PHB to make a rule and so how it ends up hitting people who need a phone to do the there or let say some one who is in office and in field.
And let's say it's use your own phone and we will give some cash to offset the voice + data cost.
Depending on the environment this is not really news. I have been politely but firmly asked to leave my not (very smart back then) phone with a camera at the gates of some places for at least 5 years. And it was not only places where people usually wear a uniform...
If I were in charge of a site where sensitive data is being handled (i.e., any self-respecting business/government/military environment) then I would ban any external computing/storage device from the site. This is not even worth discussing.
While completely banning smart phones altogether does seem a bit extreme, yes, the concerns are real and, yes, they are right to ban them.
A more reasonable approach would be to have company issued smart phones which the company enables strict security policies on, but banning them works too if there is no business need for them. I do hope, however, that the rest of your security posture is ramped up to match this somewhat stringent measure, and it's not some one-off policy that some manager got a bug up his ass about...I suspect that's probably exactly what it is, though.
BYOD and smart phones are rapidly becoming the bane of Infosec's existence. Companies are spending very significant amounts of money on MDM solutions to enable their employees to use whatever devices they like. If this is consistent with the company's culture and is affordable for them, that's fine. However, people push this privilege way too far. They insist on being able to use the latest and greatest tablet that just came out for their job. They want to use their iPad rather than a company issued laptop for work and will whine to upper management when they can't. Companies are not in business to give you an excuse to use your new toy, they're in business to make money and you need to comply with whatever policies they set.
The first post where the guy talks about how the "burden of proof" is on the employer (!!) is the most asinine thing I have ever read. It's typical of the entitlement mentality that I see every day. If you don't like the company's policy on smart phones, go work somewhere else. The company can set whatever policies it likes for interaction with it's systems, and you can take your labor anywhere you like if you're not on board with those policies. The company is under no obligation to "prove" anything.
At the end of the day, it's all about risk mitigation. Do smart phones pose a significant risk to the company? How big a risk? Are the benefits they provide worth spinning up an MDM solution? What policies need to be enabled to mitigate the risk? Are there other ways of mitigating the risk such as DLP? Do employees need remote access to their email? Do they need to be able to access the company wifi from their phone? Does every employee need this, or just some? These are the questions you have to ask.
back in the 90s we used to call it Spyware,
now its been successfully re branded as "analytics" and there are hundreds of companies doing it because they know you have no way of stopping them.
from Apple to Adobe Omniture to Flurry to AdMob to Mydas to Conduit, the list is endless.
its a plague and everybody seems to be fine with letting their GPS location, address books etc be slurped up by these bottom feeders so why not your images ?
i have deliberately avoided smart phones because the ecosystem and all its apps seem to be designed around getting as much of your personal info they can and selling it to anybody with a dollar, all apparently legal and acceptable to its users (its not hacking if you ask the user in a 10000 character eula).
Stick a packet sniffer on your network and watch, its an orgy of http(s) requests to these silent/unknown companies who have nothing to do with the problem your "app" was supposed to solve.
It's a good concept, my only question is, what is the point of IT then. You can isolate smart phones on to seperate wireless networks and then ultra scan those networks. However I agree that sometimes just blocking it can be the best answer.
They wont ban using windows for the exact same reasons, so why would they ban smartphones?
Do not look at laser with remaining good eye.
Anyone with a WAP connected directly to a LAN deserves *exactly* what they will eventually get. External firewall, internal firewall, and the area between them (the DMZ) is where the WAP belongs, if it belongs on your network at all. Chances are, it does not.
As someone who's worked for a defense contractor, wireless devices were not restricted when I worked there, because there was no on-site wireless access. Anything that had a camera or could act as external storage *was* restricted though. Check it in when you get to work, pick it up when you leave. This is not a bad policy for non-governmental entities either. Only the me me me generation thinks they have any legitimate need (or "right", *snort*) to have any personal devices of any sort with them when the are *at work*.
Various companies happily allow BYOD phones, and allow one to expense a proportion of one's bill to the company. A subset of them expect BYOD pads and laptops.
In general, a company could permit almost any device if it provides "mandatory access controls", such as lockouts for the camera when in the office network, and encrypt-all-corporate-data using a company key. The general case was figured out circa 1985 (orange book) and encryption-as-MAC by the personal electronic health care records in the last few years.
davecb@spamcop.net
It's funny how problems that companies are experiencing today were addressed by RIM YEARS ago. Funny Apple and Google chose to ignore this...unless of course they never intended to address the enterprise market.
Don't want your employees playing games (or other time wasting activities) on their phones during working hours - There's a BES policy for that
Need to ensure your office is shutterbug free - There's a BES policy for that
Need a way to allow your employees to have personal information and work information on the same device but kept separate - There's a BES policy for that
I'm sorry but having to have your camera physically removed/disabled is ludicrous in this day and age. Even having to go to the local carrier to have a block installed is borderline insanity. BYOD is going to bring some enterprise to its knees and there will be outcries that something must be done to protect sensitive data. Companies are already lining up to provide solutions to problems created by iOS and Android not addressing security up front.
MY answer to the question is - Does your job benefit from you having a smart device with you? If yes then they need to provide it pre-configured to best serve their needs or reimburse you for bringing your own device. If you are just bringing a personal device for personal use then they have the right to restrict its use while on their time and property. Years ago I was studying for my EE degree. I had a job working for Compaq on their assembly line. I was not allowed to have my books at my station even though there was an area under the station for personal items. I had planned to study during breaks but was informed that would not be allowed. It was their right. It was my right to quit so I did after about a week when I had found another job.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
Smart/Cell phones have become an addiction. Pure and simple. Just the thought of leaving it at home or maybe your plan expiring sends people into a DT OMG nothing else matters till I get this thing back frenzy. A couple years ago I was there. I recognized the signs of addiction. I made the choice to put it down and walk away. Yes I have a piece of crap that we take on trips and whatnot..but the vast majority of the time I live untethered. I have to admit the first couple weeks without it in my pocket was pretty difficult. But after a while the sense of being free from the nonstop barrage of texts and calls and not to mention the surveillance..just the freedom of not being tied to the damn thing was worth the pain of separation. But..but.. I can turn it off any time I need to... yea.. sure you can..sure you can. This story isn't about security.. it's about how can I keep my addiction.
VMware is piloting a software solution to allow you your public smartphone identity for outside the workspace, couples with a company-controlled VM on the phone, which will be authorized to access company resources. The VM can be deleted by administrators and updated as necessary. It functions a two-factor authentication, and role-based SaaS. I see it as having potential in this area.
The people in the field would use a company-issued or a company-sanctioned and locked down phone. Again, the story was about personal phones within their in-building workspace.
The most dangerous thing to security is a disgruntled employee.
If your regulations increase the likelihood of annoying your employees, they are actively counter-productive to security.
Ian Ameline
The fuck it is.
You get X hours for Y dollars. You want more you pay more. That is it. If I had a manager that tried that BS with me, I would be sure to take full advantage of all my breaks, work only to the clock and any on call or after hours would of course be done in such a way to only barely meet the requirements and time limits. Sure I could be paged at 4am but since I have a 4 hour window I will go back to bed until 8am and do it then.
That shit cuts both ways.
...that you were trying to be informative.
>If not having your pacifier with you at all times makes you that uncomfortable, find a different job
Not sure why the pacifier jab was necessary, but the logic is valid, if you don't like the restrictions of an employer find a different job, and let evolution punish the employers as shortsighted as your post. I'm all for a Libertarian approach to the problem and would never advocate any legal guarantees in this regard.
However, I actually have people skills, and talented managers never make arbitrary employee impacting decisions in a unilateral fashion. It's not that they aren't as entitled as your post suggests, simply that they know this is a losing game.
If you work with classified documents, or as a life guard at public pool, there can be legitimate reasons an employer wants your phone stowed. But in the vast majority of workplaces, there is no business reason and taking peolpe's connectivity away is just a cop-out for lack of manager interest "managing" employees.
My director sets goals for me, reasonable, achievable, business aligned goals with timelines. I get them done and more, year after year, which is why, when I want my phone on my desk and to take a 10 minute break to reply to some indignant teenager on /. I can take that time.
Ols school thinking for last century corporations.... let them wither and die.
Part of my job is to advise companies on security policies like this, and I have advised in favor of such restrictions when asked. However this is done out of respect for the end-user's privacy. The reasoning is that there are two conflicting priorities in permitting BYOD use and network access:
First, as a security officer I have a duty to ensure that the network and all devices connected to it remain secure.
Second, as an agent of the company I have absolutely no right to dictate to an employee what they must or must not do with their device to prove that it is secure. It is their device which they purchased with their money to use for their own purposes.
Since I cannot prove that the device is secure without violating their privacy or exerting an unreasonable amount of control over the device, the only resolution is that the device is not permitted.
If you really need a device, then the resolution to that is to get the company to buy you a device -- at which point the company owns it, and can dictate what security measures are taken.
At the end of the day, a company pays you to do a job, and as such has the final say over how you do it and what tools you use to do it. It may not be your choice, or the best choice, or even an efficient choice. But that's how they want it done.
Good employers will listen to their staff and make adjustments and get the tools that their staff need. But it isn't mandatory.
If you don't like the job, and the employer won't change it to suit you, you have two choices: live with it, or leave.
you should read everything on the internet as if it had "but I'm probably talking out of my ass" appended to it.
The burden of proof is on the employer to show that no other mitigating measure can address the risks. Summarily banning child protecting, emergency-aleviating technology, not to mention the tools with which we coordinate the rest of our lives, is truly bad form and will bite the employer more often than they know.
That is just wrong. The employer has no burden of proof to show why you cannot use a personal electronic device (phone or otherwise) while at WORK. It is not some god given right to have/use a smartphone. Can it be useful, sure, but you as the employee have a burden of proof to show why you need to use such a device.
For the list of reasons given in the summary:
This current reality is that people have started to rely on having their smartphones with them at all times for things such as receiving emergency calls from day cares and schools, making personal calls during normal working hours (i.e. to make doctor's appointments), accessing password managers, and scheduling calendar events."
If it is a true emergency or sick child, most employers understand that and allow those calls to come in on a regular work phone line. Making personal calls during normal working hours, sorry, most employers expect that to occur on your time, not their time, so it doesn't matter what phone you use. Accessing password managers, you don't mean to tell your employer that if somebody stole your cell phone that they would have access to everything on the company computers that you have access, do you? Scheduling and calendar events, that would be the only legitimate work related use in the list that is work related, but would be strongly tied to the nature of one's job - if you are expected to be at your desk 9 to 5, then having your schedule on your phone is not a real advantage. OTOH, if you travel a lot for your job, then it is. Another related work use, although not mentioned, would be that it allows your boss or clients and customers to get in touch with you on site or off site. Another, might be that it enables you to use job related apps when out of the office that feed back to work done in the office, etc (for instance an insurance adjuster might fill out claims reports with pictures on a smartphone or tablet instead of by paper).
Of course, if you are successful in convincing your employer that having a smartphone would enhance your work performance, you should also be prepared for possibility that you end up with an employer provided smartphone that can only be used for work related tasks and you still cannot use your personal one at work.
Just because we live in an age where we have all of these devices that can do all of these different things doesn't change the basic dynamic that employers set the rules for employees. The employee's recourse, if they don't like the rules, is to find a different employer. Plain and simple.
It is not trivial but it is also not magic.
How is it not trivial. You don't allow them to connect personal devices to the company network. If you feel you need to provide WiFi, then set up a guest network and you use the same access controls for company assets that you have for someone connecting via the Internet.
Another day, another update to a Google android app.
1- With smartphones becoming infected with viruses/malware/trojans and so on why would you risk having the majority of your workforce coming to work and possibly infecting company equipment? Is it really worth the risk of infecting your office network and threatening the security of your company to let someone bring a s3 to work? The answer is no it isnt. All it would take is one retard with an infected phone to get on the companies wifi or plug it straight into their computer or something else to ruin a companys security and waste a lot of time and energy all the while potentially exposing the network to attacks and expose their private files.
2- Why do employees need a smartphone at work? The answer is they dont. I always wondered how many thousands of hours of work are lost to companies each year because of smartphones. Employees can get on the internet, play games, send texts, watch videos, make phone calls, check their email and so on while at work in realitive privacy under their desk in their lap, in the bathroom and so on. Companies lose a lot of productivity each year because employees are playing with smart phones when they are supposed to be working. You go to work to work, you get paid to work. I dont think its unreasonable for a employer to want to ban smartphones among employees to ensure that the employees are doing what they are being paid to do. Some might argue they need it incase someone needs to get in touch with them, well if someone needs you they can call your work phone or have someone transfer them to you just like they have been doing for decades before cell phones. Well all got along just fine for centuries at work with no smart phone, the idea that we all suddenly have to have them with us everywhere we go is absurd.
3- Companies probablly collectively lose millions a year to smart phones. If you totalled all the people across the country who charge their phones at work I bet it would add up to millions in electric bills. Sure charging a smartphone doesnt cost very much at all, just pennies per phone. But when you figured thousands and thousands of people are charging their phones at work every, everyday that really adds up over time, it adds up to money the employers have to pay out of their own pockets.
You have no right to bring a phone to work. Youre on the companies grounds, on their time, being paid by them to do your job. If they dont want you bringing one you have no right to complain at all because during your work hours you get paid by them to work for the company to do what they want you to. Thats as stupid as saying "Well I have a right to bring my couch, tv, coffee pot and microwave from home because I work while I watch tv, sit on the couch and drink coffee". You can go without a smart phone for a few hours a day when youre working, its not that hard.
It often returns to my mind lately, that we hardly ever before had that widespread operating systems and applications with that much of connectivity and environment capturing potential, we would be so poorly in control of. There is shift, we are not even properly aware of yet. This was confirmed with some report, seen just several days ago, mentioning malware in smartphones being present on close to half of units. Thus, discussed employers are doing their stuff pretty right.
Servant of karma
Then I just won't work for an employer that bans the use of smartphones. I can understand not allowing personal devices to connect to a corporate desktop. As long as the device is never attached to a corporate network, then there is no cause to ban this. Sounds to me like employers are concerned that smartphones are cutting into productivity but it is easier to pass HR muster if you call it a "security threat."
If you operate around "sensitive" information or devices (such as prototypes, private development ideas, etc), then absolutely, ban cameras and smart phones. Or perhaps all cell phones. To compensate, issue one-way pagers to each employee and install basic desk phones into each office where personal calls are permitted.
If you need to document something with a photo, use the company-provided digital camera in accordance with corporate policy. Need to access the internet? Use your company's computers.
So-called "smart phones" are definitely a liability. The only reason you would allow them is if you aren't working around sensitive IP.
Since sensitive information can be carried out of an organization written or printed on paper, we should also ban paper, pens, crayons, markers, and eyeliner.
Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
The fuck it is.
You get X hours for Y dollars.
real jobs go like this:
you get X work done for Y dollars.
X = what they hire you to do.
If you can do X in 5 hours than they are overpaying you, nice one!
If you can't do X unless you spend 70 hours then you took the wrong damn job.
Not sure what you mean by real jobs.
In my profession often the amount of work to be done is not predictable in that sort of way.
Q: Why would any enterprise allow/sanction/encourage the use of mobile devices in their workspace? Why would they add a Blackberry Enterprise Server or an ActiveSync connection and allow their staff to pull down corporate messaging onto their personal devices? Don't they understand about the security risks and the administrative/support overhead of bridging the gap betwen company equipment and personal equipment?
A: Silly rabbit. These technologies push the executive mindset of being permanently at work down the management chain and into the front line staff. Employees "steal" 5 minutes away from work to check their bank balance etc. only to lose 10 back responding to "urgent" emails or chasing arbitrary deadlines that can only be met by working after hours. Extending the enterprise into employee's mobile devices is effectively a rollback of decades of labor law that today's workers accept willingly. Remember kids: Stay in "non-exempt" job positions as long as possible!
I'm not sure what you mean by prediction? Like you don't know how long something will take you until you attempt it?
I've only run into that once when I was doing quality control work. On one project I fucked up and gave myself two weeks to do what turned out to be four weeks worth of work and I had to work "late" and on the weekends. I didn't charge my boss anything extra since I had agreed to the terms beforehand. I said I could finish it in two weeks and I couldn't. That wasn't the owner's fault.
By "real job" I meant one that isn't "I am scheduled until 5 so at 4:59 and 59 seconds I stop working and leave"...more a job that is a list of responsibilities and you take care of them as you see fit.
"mandatory access controls" on personally owned devices don't go over so well.
No more like you don't know what you will be doing today, because you have hundreds of servers and anything could break or be screwed up by someone. Even when you find the problem, it might not have a known cause and you will have to try to find that. It gets fixed when it gets fixed. Sometimes that means staying late, sometimes it means some dev machine is not usable for a couple days. If you want more than that I would want more money since that was not the deal I agreed to when I was hired.
My job meets that definition of a real job.
Fuck no it's not. I get a higher salary for other reasons, and my work is managed by a contract. If it's not in the contract, it doesn't fucking happen. I'm not a charity.
You get X hours for Y dollars. You want more you pay more.
That's the arrangement that I have with my boss: any work while clocked out is recorded on my time sheet the next day. It's just that in the United States, the Fair Labor Standards Act makes certain salaried employees in managerial, engineering, and marketing positions exempt from its overtime provisions. I was under the impression that a lot of Slashdot users were in exempt engineering positions.
This is work, not school. I can keep my "gun unloaded" or even in my briefcase if my employer feels its necessary, but I can't think of any reason that I should not be allowed to bring it onto premises at all other than unhealthy paranoia.
If you want more than that I would want more money since that was not the deal I agreed to when I was hired.
Ah okay. You seemed to be of the attitude "If you want me to work longer than the standard work day, you give me more money"(X hours for Y dollars)
I fully support "If you want me to do more than I originally signed up for, you give me more money."
a) IMHO the main danger is not the camera, but the microphone.
b) No, in my experience there is no way to educate users against stupidity.
c) The dangerous question is: can i use the password manager on a private phone to remember the password to my PC in the office? (yes - you can; i would even assume some peiople sysnc the note unecrypted into the cloud)
So is forbidding smartphones the right way? No, for some reasons:
a) it is nearly impossible to control - unless you make random searches
b) it places you in the responsibility to provide a safe storage for the phones
c) even simple phones have note functions and microphones. the last phone i had without a capability to access the microphone by software must have been around 2002.
So what to do:
a) dont use passwords alone for log-ins, but two-factor authentication
b) structure you infromation infrastructure in a way in which everybody has access to what he needs
c) Teach people to leave their smartphone turned off and in the locker of their desk in really confidential discussions or presentations
Verizon uses A combination CSIM/USIM on all 4G LTE phones, meaning most 2011 and newer Verizon smartphones are able to perform a SIM swap scenario.
But can these combination CSIM/USIM cards be swapped into Verizon dumbphones, such as the dumbphone that one would have to carry in a smartphone-free zone? Even if one device supports CSIM, the other has to as well, or the device portability of subscriber identity fails.
They are a danger when you allow others to set controls on things you care about. The obvious example is UEFI boot, which is fine if you use it to select who can boot, and bad when Microsoft is making the decision about your device.
In the context of BYOD, I will happily grant MAC access over the camera and gps to an employer when I'm on their network, but they need to publicly agree with me on what they're doing. I and many other people will likely grant an employer the right to encrypt the company's files, so long as they agree not to encrypt or delete mine on the same device.
The asymmetry of power poses a risk even in the acceptable cases, so arguably one should only use mac-implementing programs from a trusted third party, like a Google or Apple.
davecb@spamcop.net
I feel that these are feel good "solutions" that do not resolve anything. If the intent is spying on a company or organization such precautions would be greatly ineffective. For instance, even if you ban cameras the paid spy would probably bring something less suspicious such as a pen or button that contains a secret camera. Malware such as Stuxnet/DuQu/Flame (as well as many others) have proven to avoid detection for extended periods of time. Mind that these Malware have infected the actual work terminals themselves network-wide even through USB flash disks. Also mind that we only hear about espionage attempts that have failed to remain secret for one reason or another and perhaps many successful cases will forever remain a secret. One solution would be the elimination of computers entirely at a significant cost of productivity (and paper tends to be taken away from the office).
People are reading this and applying the ban to multiple problems
1) Productivity. As someone pointed out, if it is a real 9-5 job, hourly, then the company can and should ban use during work hours (regardless if it is on a wifi conneciton on the ocmpany network). If you are exempt, and work as needed, including off hours, it should not be an issue.
2) Physical Security: Most phones can act as a usb thumb drive, so any company that feels the need to restrict thumb drives should also block those (again, assuming no wifi) on company machines. If you are not allowed to bring a USB drive in on your keychain, you should not be able to bring a phone.
3) Network security: This is the real issue, having the device on your network. There is a very easy fix for this. Use a certificate based wifi system with a hidden SSID for company machines. For non company machines (phones, laptops, tablets, etc), create a guest network using a password based crypto and transmit the SSID. Then isolate the guest VLAN. This allows phones and such to be on the WiFi network, adds convenience and minimize risk for company assets. The cost is minimal for most companies to maintain a standard guest network across all sites, and employees find it valuable. (CxO's in particular)
Is there a way to educate employees about preventing this sort of thing
After 20+ years of computer viruses, you are going to ask that question? If that were possible, there wouldn't be a problem with computer viruses because people would practice safe computing.
For an even better example, look at personal data loss. After decades of "Back your shit up", as I type this there is someone in the process of screaming "Noooo!" as their personal data disappears into the bit bucket because he had a catastrophic failure and had no backups.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
The number of hours per week you owe to your employer is part of your employment contract.
BZZT. I'm salaried. I have no set number of work hours other than "full time". If I get my projects done on-time, I fully expect to do whatever I want with the remaining time.
With the first link, the chain is forged.
You seem to be confusing "allowing work and private life to intermingle" with having no private life. Sure, there are people who just can't stop working - that's not what the GP is talking about.
I worked a few hours on New Year's Day, because something needed done. However, tomorrow morning (Tuesday) I will be taking off to deal with some private stuff. I read private email at work; check work email at home. Work tends to come in clumps - the second half of 2011 I worked 60 hours every bloody week; this Winter and Spring I will finally be able to compensate, and expect to average 30 hours or less. My employer only cares that my job gets done (and done well); they don't care a whole lot about exactly how and when the work happens. This offers flexibility, which is pleasant. Everybody wins.
Maybe this is a European thing?
Enjoy life! This is not a dress rehearsal.
First they came for the iPhone users, but I said nothing because I do not own an iPhone. Then we noticed how much more productive it was. And it was good.
A lot of companies have a policy that no employee device will ever touch the internal network. I currently have two phones, one work phone and one personal phone due to all the rules and restrictions on the work phone. But to physically ban me from having my other phone on the premises because someone could hack my phone and capture the camera/audio would take it to an entirely different level. You don't put together an Ocean Eleven team to rob a gas station, neither do you do hack an employee's cell phone for a few SSNs. Yes, if you really think you could be the potential victim of advanced industrial espionage and not just a former employee taking everything with him out the door - a far more likely scenario - then sure. But I'm guessing the few who really have reason to fear this already know.
Live today, because you never know what tomorrow brings
Starting this year the company supplied mobile phones (ranging from very dumb and old to iPhone 5) were taken away in an effort to save money. If you want to use one you can, but you have to buy it, pay for the plan, allow the company to put encryption and remote wiping software on it.
...US Mail. On Sundays you can send a courier. There you go, I am reachable.
...your first "Advice On Security Policies Like This" is: "If a smartphone is a real security risk, you have a lot bigger concerns, security wise, than smartphones." (and, yes I am aware that in fringe scenarios a phone is a very real risk because of cameras and recording devices.) A policy that says "don't connect your phone to the computer/etc" is just as effective unless you are going to search employees and get the backscatter xray out.
I didn't realise that the only personal call one can make is to the reception of one's GP...
When the pull that shit I will take as much raw proprietary data as I can take and dump it online in several places.
It won't cure the stupids but I'll let them know it's an inside job and that it's in retaliation for their idiocy.
That should heat up the us vs them mentality and create a hideous work environment which will help drive quality people away and keep the cretins.
This is of course a public service. Such companies need bled white then converted to biodiesel.
And when your child dies of aniphylactic shock because the school could not reach you on your listed emergency number and the company IP based phone system was down, then you can sue that company for everything they have or ever will have.
It is an illegal policy (reckless child endangerment) - nail em for it.
Sure and I'm in a shielded building. Can I sue them because there is no decent cell coverage at my desk? We really can't be this lame :-(
Absolutely! Not even for a security issue, but people have lost so much productivity due to smartphones. DOn't try to tell me you are more productive and then give me reasons (and certainly not a link to your pintrest of how it makes you a better worker). I would bet bathroom breaks have increased dramatically due to facebooking in the stalls, and I for one, were I given the power, would outright ban them at my shop. Period. Use them on break, but do not bring one into the shop. And this is just for mechanics, let alone people( lets be honest: Nerds) who are even more tethered to their devices.
It's hard to get to and from church when the city bus system does not operate on Sundays, as is the case in Fort Wayne, Indiana.
How did this comment get rated insightful?
Probably because moderators realized the implication that the phone should be stored in a locked car, but people who don't commute in a car don't have a car in which to store the phone.
either you have to ride with the less than desirables
Some U.S. subcultures would see that as a plus. Members of certain religions, for instance, use time on the bus as a chance to witness to people.
saving some gas money?
That and a car payment and car insurance.
If this restriction is made known before offering the job (say, during the recruitment stage), then this should be a no-brainer. However, if the employer is dumb enough to add this restriction AFTER you were higher... they can go to hell.
I'd bring that up at the next union meet...oh. Right...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
At least OP sort of asked the right question, i.e. "how reasonable is this?" instead of flying off the handle insisting that his rights are being violated. At the end of the day it comes down to this...yes there are other practical solutions such as removing device cameras, MDM software, etc but those all have associated costs and require the company to pay someone to spend time enforcing the rules and verifying that your camera is in fact disabled, or you are indeed running the prescribed MDM software. Banning smartphones has no such associated cost. Sure, perhaps you could argue that no smartphones means lower productivity (it sure would for me, and a lot of folks I work with), but at the end of the day this is one of the things that makes America great. if I hire somebody to work for me and I say they can't bring their smartphone to work, then they can't bring their smartphone to work. If they do, then they can find somewhere else to work. Being the guy that signs the paychecks means you get to make the rules from 9-5.
I am the IT ops director for a small company (100 employees). About 75 of our employees have company smartphones (iphones). Cellphones fall under my purview so I am the one that people come to for ordering phones, setting up e-mail on phones, etc. The company pays for these devices and the associated wireless service and we recently implemented MDM software. You would not believe how many employees made such a stink about having MDM software loaded that gave us the ability to restrict what apps they download (we ban zynga and other games that can steal information, etc). I could understand if this was a BYOD deployment where folks were loading MDM software on their personal devices and they were bummed that meant they had to uninstall their games, but we're talking about corporate owned equipment, and the users feel that they are somehow entitled to ultimate control and privacy on those devices.
But then again, these are the same folks that want to port their personal number in (which we generously allow them to do for convenience of carrying a single device) and want the company to pay their ETF when their personal carrier charges them one. Excuse me? Why should the company pay to get you out of your contract so you can have the privilege of bringing your personal number to your work phone? You don't want to pay? Fine, use the number we issue you, problem solved.
Sorry, rant over.
.. ban usage of cellphones during work hours.
But it is mostly because of Androids well documented built-in spyware ... and because most Android users are uneducated idiots.
with smart and talented. Smart and talented people will actually understand security. College kids who think that they are "skilled" (when they are not) will not.
and use old style dumb phones to communicate across the ship.
.. malware?? I guess you never heard about infections via USB.
And malware is not the only issue. Video/audio recordings, images pictures and "sensor" key loggers are security issues too.
Quit this job. Tell them why you are quitting - then go somewhere that you can live the way that you want. When companies cannot get the type of people they need to accomplish the tasks they have to accomplish, they will change their way of doing things.
they are welcome. My smart phone spends most of its time in my pocket.
About half of humanity can't find their dick.
...less than half, in third world Asia (China, India, Korea, et al). You see, the problem is that we shared advanced medical technologies with them. One such example is ultrasound, which they then proceeded to use to allow them to selectively abort their female babies.
Really makes you wonder if the Prime Directive from Star Trek might be the best policy when dealing with these cultures.
Ya forgot the rule: don't feed the troll.
Notice that the article said that the malware needed to be installed with an app. Most smartphones run programs in a sandbox. While it's not impossible to put an unknown VIRUS on them, it's very hard to do so. This means that any programs which do this, are likely to be part of another app. While android smartphones are somewhat more susceptable to malware type solutions because of the ability to install software from untrusted sources, depending on a reputable store (like the Apple store, Microsoft store, or even some of the larger android stores) are more likely to limit the impact of these apps because the owner of the store can (and I know in the case of Apple HAS) removed programs once the threat is discovered.
There is an opportunity here for app stores to take a more active roll in uncovering these types of programs and, perhaps, some better handling of access to the camera (maybe prompting the smartphone user to "grant" access to the camera) would help mitigate issues even further. Understand also that the government has successfully had programs that listen to keyboard clicks to determine what someone is typing, but this is not exactly something that is feasible in the mainstream. I think most companies, unless maybe there are sensitive parts of the military or government, would be fine.
I used to work for LANDesk, but I don't anymore. But they are sure working on making IT departments able to handle many devices.
http://www.landesk.com/products/mobility-manager.aspx
I guess since I don't work there anymore, this isn't a conflict of interest for me to provide this answer.
The notion of oil coming from dinosaurs is quaint, and ridiculous. The more vegan-friendly answer is: plants.
This isn't made any more difficult by there typically being no cellphone tower within several hundred miles of the locations. So the only use of smartphones is as alarm clocks, phone books and pocket computers. Some employers allow them out, as long as they're kept inside the Faraday cages which the office spaces and accommodation spaces constitute.
Can't live without your mobile ... get a different job.
(Incidentally, the ability to receive an emergency call isn't going to get you home in less than several days. Live with it ; if you can't live with it, go work in a different business.)
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"