Ask Slashdot: Should Employers Ban Smartphones?
An anonymous reader writes "Due to a concern that smartphones (and other electronic devices) could be infected with malware and used to spy on sensitive information, my employer has recently banned all personal electronic devices from their spaces. The concern comes from articles like this one. My question to slashdot readers: How reasonable is this concern? How can this sort of malware be prevented from showing up on our devices? Is there a way to educate employees about preventing this sort of thing rather than banning the devices altogether? This current reality is that people have started to rely on having their smartphones with them at all times for things such as receiving emergency calls from day cares and schools, making personal calls during normal working hours (i.e. to make doctor's appointments), accessing password managers, and scheduling calendar events."
You have asked an audience that knows just how ingrained smartphones are to our everyday lives. The last half of your question is a "given."
The burden of proof is on the employer to show that no other mitigating measure can address the risks. Summarily banning child-protecting, emergency-alleviating technology, not to mention the tools with which we coordinate the rest of our lives, is truly bad form and will bite the employer more often than they know.
If you are working with sensitive documents, these people will remove the camera from your iPhone for $20:
http://www.iresq.com/iphone-camera-removal.html
Want to do the whole office? A 79 cent roll of electrical tape will do the trick.
The problems are solvable and worth solving. That management favors solutions that are simply a matter of writing policy, is in their nature, so don't sit in the dark and bitch, fix the bulb.
Would you ban laptops at work for the same reason?
Surprisingly smartphones have not been around forever and little Johnny & Sally still managed to make it thru daycare okay. If there's an EMERGENCY, outsiders can call your employer's main number and ask for you. You get paid to work, not deal with personal matters.
what about people in the field who use them for work???
Also, using a smartphone is cheaper than a cell phone + data card in a laptop.
If it's a nuclear weapons research facility then this isn't that unreasonable.
If it's just some normal business then it's a typical overreaction!
Someone has to say it, may as well be me. What is this MSN?
I hate sigs.
Would you ban laptops at work for the same reason?
A lot of businesses do in fact ban laptops that aren't company-owned.
Anything that can breach security in a government setting is worth withholding indefinitely until a practical policy can be approved which reduces risk to near zero.
For unrelated/unregulated industries, this approach is unreliable, impractical, unprofitable, and let's face it, just plain stupid.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
If the company provides a suitable phone as an alternative and it doesn't cost the employee, it's called having a work phone, and it's the employer's responsibility to make sure whatever phones they allow are secured in the proper way if needed.
There have been many projects that use statistics to create a remote key logger based off of sound or vibrations picked up by the acceleration of the phone. The sound and vibration in the table you make by typing actually can be used to figure out to a high accuracy what you typed. Meaning a virus in your phone could figure out where you work and your passwords. But also, they could use lasers to measure the vibration of the window to pick up the sound waves. You're screwed either way.
I imagine that company-owned smartphones managed by the company's device administration software would be allowed, but no others. Upper-level management and phone sales staff would get these as a perk; those under them aren't supposed to be receiving personal calls on company time anyway.
if you work in a sensitive area then expect high security
if you work for a US GOVERNMENT agency around classified information then you're probably following these rules already
if you work in a start up with cool tech you might expect something like this
if you work in your average workplace no one is going to care
How reasonable is this concern?
Very reasonable, if your employer is a CA. Not at all reasonable if your employer sells hubcaps. Need more info.
How can this sort of malware be prevented?
Educate employees. (But your next question shows that you already know this.)
Is there a way to educate employees...?
Yes. Employees are not algorithms. That's why we employ them instead of just computers.
This current reality is that people have started to rely on having their smartphones...
Yes, if you want effective employees, you should allow them to use their brains, as well as extensions that make them more effective.
Do you have any questions that lack obvious answers--perhaps something worth discussing in a forum?
Then why not add "app tester" to everyone's job title and call it dogfooding?
It is entirely possible to allow employees to have their smartphones and even notebooks, while keeping them isolated from the company's main network. I did this once for a client. It is not trivial but it is also not magic.
However, after some time, the complaints about people not being able to use that equipment to have full access started piling up, to the point that it was decided it would be a lesser problem just to ban them.
What people need to understand is that they are inside a company, not their homes. Yes, it can be interesting to the company to allow some access and freedom, thus improving morale and productivity, but controls are needed, both for security and legal reasons. That is unacceptable to enough people to make it not worthwhile for the companies to implement.
morcego
Yes, these functions can be easily taken care of with a laptop. However with the constant shuffling from meeting to meeting many times the phone often becomes the go-to device when away from the desk. When away from the office, communications in the evening, over the weekends, etc. are becoming increasingly more prevalent.
This brings up the entire philosophical debate on how much more (or less) productive everything makes people who now no longer have the luxury of checking out, having a singular focus, are forced to multitask, etc. but the greater point is if the expectations are for the constant connectivity of employees in a workplace then you have to take the good with the bad.
Is it reasonable? .. absolutely. .. when you go through the metal detector/xray if they see a phone (or anything else with a microphone/camera) it gets confiscated and you get it back when you leave. I don't have any issue with this at all.
.. not attend to personal matters. You have a phone on your desk, don't you? .. I'm fairly certain that in an emergency, someone can call the main number of your employer and say "this is X's daycare, Y just fell down the steps .. we need to speak with Z immediately" and you'll get the call. Remember .. kids survived just fine before cellphones and Google calendar.
.. while it might be technically feasible to create separate networks or require MDM middleware for BYOD it's easier for them to just say "leave it in the car". Think about it .. a simple app can turn your smartphone into a GSM->Wifi bridge, webcam, remote bug, etc. Heck, just this week we reprogrammed an old Android phone and stuck it in a plant to catch somebody stealing out of the office fridge.
I routinely visit a location like this
You're forgetting that you're being paid to WORK
The malware concern is legitimate as well
If you're working on material or systems that are classified, or something akin to the iPhone 6, then yeah. Letting *any* communications device into the work area is a very bad idea. You are being targeted. Probably very specifically, too.
If you're not working on anything of that nature, then probably not. Who cares if anyone sees the inside of your office? Or hears you talking sports scores? It's creepy as Hell, and you should probably be more worried about the fact that someone is mucking around inside your phone, listening to you.
The exception to this, is when you walk by some moron's desk, and they have their smartphone plugged into the USB port of the computer, MOUNTED AS A HARD DRIVE.
A computer which is inside the company firewall.
Sometimes, you just have to assume the lowest common denominator, because convenience in listening to an MP3 collection will always trump common sense.
[End Of Line]
Guess what? Your normal "dumb" phone can do that.
Only in countries where it is common practice to share one SIM between two different phones, a "dumb" phone carried to work and a smartphone used elsewhere. In the United States, on the other hand, Verizon, Sprint, and MVNOs using either of their networks do not use CSIM cards; instead, they program the subscriber identity directly into the handset.
I would consider them (Boeing) and others in their line of business to have about the most conservative position on such technology. Seeing as how they have pretty much given up on such rules, I don't see how any other employers expect to get away with them.
Also, if employees are going to steal proprietary data (for which I'm sure there is a company policy prohibiting said activity), sneaking a camera, USB drive or whatever onto the property in violation of rules is not going to be a deterrent.
Have gnu, will travel.
If, after 20+ years of personal computers we still can't stop people from accidentally downloading malware, good luck preventing it on smart phones and other portable devices. The problem is, and always will be, the ignorance of the user.
People in the field would have a device provided by the company, because the employee would be billing back all related expenditure (data and voice) to the company anyway. That device would be locked down by the IT dept; Both Android and iPhone support device policies and central management now, and BlackBerry was designed for this use.
Finally had enough. Come see us over at https://soylentnews.org/
Then it's a company-issued phone with company-controlled software. That means no angry birds or other goofing-off apps.
If you're allowing BYOD for company use you're asking for problems, but that too is manageable with the proper software containerization.
A lot of people I know are using their personal smartphones for work, including me. Check on a server, bring up an app. Check out the WiFi, bring up another app. I have tons of apps on my personal phone that have saved countless hours diagnosing issues.
Fact is, an awful lot of employers should be kissing our asses for using our own personal devices to be more productive at work.
We were having some pretty bizarre network problems in our office one day - some machines were able to connect to our db server whilst some couldn't, and others could intermittently. Long story short*, somebody's smartphone (Android in this case) was responding to ARP requests (requesting the MAC of the server) even though it was showing its IP address as being assigned by DHCP. I reckon its previous IP on the user's home network was the same as our server, and for some reason kept answering to them.
*Once I realised that packets didn't seem to be making it to the server (pings were intermittent), it dawned upon me to check the ARP tables on the clients. Looking up the manufacturer of the MAC address didn't immediately help as I didn't recognise the name, though I assumed it was a phone. At that stage I wasted time looking through all the phones looking for an IP address conflict (bad assumption). Finally looked up the DHCP leases for the offending MAC, found its current IP (no hostname was provided by the client), found the offending phone, and very nearly shoved it up the arse of the owner.
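The troubleshooting steps in the comment above (compare ARP tables across clients, then look up the offending MAC in the DHCP leases), as an added example that is not part of the original post. The `ip neigh` snapshots, the dhcpd.leases-style text, every address and the `EXPECTED` static inventory are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample data: `ip neigh` output collected from three clients.
NEIGH_SNAPSHOTS = {
    "client-a": "10.0.0.5 dev eth0 lladdr 02:00:00:00:00:05 REACHABLE\n"
                "10.0.0.1 dev eth0 lladdr 02:00:00:00:00:01 STALE\n",
    "client-b": "10.0.0.5 dev eth0 lladdr 02:00:00:00:0B:AD REACHABLE\n"
                "10.0.0.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE\n",
    "client-c": "10.0.0.5 dev eth0 lladdr 02:00:00:00:0b:ad STALE\n"
                "10.0.0.9 dev eth0  FAILED\n",  # unresolved entry, no MAC
}

# Constructed sample data in ISC dhcpd.leases style.
LEASES = """
lease 10.0.0.57 {
  starts 2 2014/01/07 08:55:10;
  hardware ethernet 02:00:00:00:0b:ad;
}
lease 10.0.0.58 {
  hardware ethernet 02:00:00:00:00:58;
  client-hostname "laptop-17";
}
"""

# Assumed admin-maintained inventory: static IP -> MAC that should own it.
EXPECTED = {"10.0.0.5": "02:00:00:00:00:05"}

NEIGH_RE = re.compile(
    r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-f:]{17})\s+\S+", re.M | re.I)
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)


def parse_neigh(text):
    """Return (ip, mac) pairs; entries without a resolved MAC are skipped."""
    return [(ip, mac.lower()) for ip, mac in NEIGH_RE.findall(text)]


def find_conflicts(snapshots):
    """Map each IP that resolves to more than one MAC to {mac: [clients]}."""
    seen = defaultdict(lambda: defaultdict(list))
    for client, text in snapshots.items():
        for ip, mac in parse_neigh(text):
            seen[ip][mac].append(client)
    return {ip: {mac: sorted(clients) for mac, clients in macs.items()}
            for ip, macs in seen.items() if len(macs) > 1}


def parse_leases(text):
    """Map MAC -> (leased ip, hostname or None); the last lease block wins."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        mac = re.search(r"hardware ethernet ([0-9a-f:]{17});", body, re.I)
        if not mac:
            continue
        host = re.search(r'client-hostname "([^"]*)";', body)
        leases[mac.group(1).lower()] = (ip, host.group(1) if host else None)
    return leases


def investigate(snapshots, leases_text, expected):
    """For each contested IP, report the unexpected MAC and its DHCP lease.

    The leased IP differs from the contested one, which is why hunting for
    a device that displays the conflicting address finds nothing.
    """
    leases = parse_leases(leases_text)
    findings = []
    for ip, macs in sorted(find_conflicts(snapshots).items()):
        for mac, clients in sorted(macs.items()):
            if expected.get(ip) == mac:
                continue  # this is the legitimate owner of the address
            leased_ip, hostname = leases.get(mac, (None, None))
            findings.append({"contested_ip": ip, "rogue_mac": mac,
                             "seen_by": clients, "leased_ip": leased_ip,
                             "hostname": hostname})
    return findings


if __name__ == "__main__":
    for finding in investigate(NEIGH_SNAPSHOTS, LEASES, EXPECTED):
        print(finding)
```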
1 you don't have a "cell phone" you have a Mobile Computing Device (that does phone calls)
2 you don't have to be connected to your personal/business world 24/7/52
for the lower end get a metal box of some sort line it with paper and then for a few hours a week put your MCP in the box and CLOSE it
for the 1% folks get somebody to line an old cigar box with metal and then silk and a few hours a month put your MCP in the box and close it.
and no but then BYOD policies are STUPID if your business requires cells/MCPs then ISSUE THEM
Any person using FTFY or editing my postings agrees to a US$50.00 charge
It's that simple. Buy a wall charger (if you need to charge the phone during the day) and keep the thing completely off the grid at work. There's no way I would connect a storage device to my company network. They tend to frown on that kind of thing.
So where's the problem?
Is it fair? Sure. But if they want to ban your phone in their office, politely tell them you are quite fairly banning their office on your phone. No work after 5, no emails over the weekend, no contact over holidays; that stick goes both ways and if you can't bring your life to work you shouldn't have to bring your work into your life.
I live in constant fear of the Coming of the Red Spiders.
A properly managed wifi infrastructure should mitigate most of the concerns.
We normally roll out Internal, Internal Limited Access (eg to internal mail gateway or intranet only for pool devices) and Guest wifi AP’s.
Phones, tablets and non corporate-controlled notebooks get guest AP access only, so that any internal access is through normal firewalled routes. All wifi access is via firewalled connections, even internal.
should be allowed the use of smartphones.
We play the game with the bravery of being out of range
The Navy showed that it can be done. Presumably, the same could be accomplished by foreign governments, corporations, and even individuals.
If you are going to ban cell phones ban them. Don't single out "smart phones" that to me just seems silly. A lot of jobs probably require to some degree that people have their cell phones though, but we are entering an era where there will be nothing but smart phones. An exercise in futility to ban them I'd say.
We are actually in the midst of going through something similar at my company (a very open, not secretive environmental firm). We recognized through employee surveillance and traffic logs that cell phones were a huge security risk at our firm and the decision was made to control as much as we could while still maintaining our "Mom & Pop" company feel.
We switched all of our cell phones from one carrier to ATT and we purchased the MobileIron software (VPS and Sentry) to control all the aspects of the company phones that enter our buildings. In addition, for the people who chose the monthly subsidy as opposed to a company phone, we prevent them from getting WiFi access from within our offices as best we can (MAC whitelisting isn't foolproof but helps with 99% of our users). We don't allow the non-company provided phones to work if they are plugged into workstations via USB cable. With MobileIron I can control basically every aspect of their smartphones including camera control, data usage, app installs, etc.
Now, we don't have this fully running in production yet so I can't comment on the pitfalls I'm sure to face, but the short answer is workplaces don't necessarily need to ban smartphones as that could actually cripple some business processes; however, they are definitely a security threat that needs to be managed just like other corporate and employee owned devices.
Hagrin.com
My god, this attitude is amazing, what primitive part of the world did you grow up in? Most normal employers realize that work and private life are not so easily separated and simply allow the two to intertwine. If I ask someone to stay late because of deadlines, can I then deny them time to make calls during office hours to arrange private things? Hell, this must be an American thing. Do you also object to people using the company printer?
Of course, normal people realize there is a line, you can print out a form, your CV is a bit touchy and you do NOT print out a thousand copies of your novel but come on!
If you tried that master slave attitude in Europe, you would find yourself soon with no employees left.
Unless there is a VERY real need for security, everyone carries a mobile phone with them in Europe. The idea you shouldn't answer a personal call during office hours is just so 19th century. Come on, join us in the future, we got cookies!
Ten to one this gti_guy doesn't have a job, lives in a trailer on government assistance and whines about all those leeches living off the state.
People good enough at their job to have one know they are valuable and companies are willing to keep them happy.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
No, it most certainly is not. Salary negotiated by both parties is indeed enough compensation because you were involved in its negotiation. The number of hours per week you owe to your employer is part of your employment contract. Beyond that contract is not covered and therefore NOT COVERED. I am happy to go above and beyond for a company I enjoy working for, but my rights are my rights.
accessing password managers
Really? Surely your employer will allow you to install the damn thing on your work computer.
Not in places with locked down workstations where the individual doesn't work in IT (and thus have the permissions to change it). Besides, you're going to put a password manager on the computer that your employer manages? Do you also browse Facebook/Google+ or other sites with logins at work? Now you've just given your employer your passwords. Good job.
I have opposite problem. I left me cell as an emergency contact on my out of office reply, and now boss man keeps using it instead of either me desk phone, email, or the lab phone. I previously strictly only answered calls from my wife (who knows only to call me for very important issues during the day), and had previously not read text until the end of the day. I've missed enough impromptu meetings he called via text message that I had to take that off of silent, which is very annoying for all the other texts that come in during the day. Several gentle "cease and desist" conversations have not gotten through. I am tempted to send him a bill to see if that gets through.
... usually is the kind that force users to have windows and to use outdated versions of internet explorer (because some specific internal app depending on it) and Outlook and enables internet browsing. Or not enable internet browsing for most employees, but surely he does it in his window pc, and/or enables non-it managers to do it, connected at the same time with the most critical networks of the company. And, of course, there is always the point to VPN/internal portals connections from his home or whatever access point that he finds outside, again, from his personal windows computer/pc/tablet. Extra points if connects with secure networks/protocols like vpns, https, or ssh, from unsafe computers, saying that anyway the communication is all encrypted.
Cellphones are a threat, but a far less probable one than all those scenarios so far. In fact, those managers are a bigger threat than cellphones.
No, if you are professional staff (meaning EXEMPT) you work until the job is done. There is no overtime.
.. the policy is simple .. for this job, you must be reachable if you are on-call. We don't care HOW you are reachable, but you must be reachable.
For those that say "if you want me to be on-call, you need to give me a toy"
I have only one question:
Do they allow outside email to reach you?
Actually, that goes for preservation of secret information, too.
In either case, the greatest security concern is the meat they call the employee. Hardware is easy to secure by comparison.
If you need to make a personal call that you do not want to/can't make from your desk line, go out to your car during lunch and make it.
What do you recommend for people who use public transit instead of driving to work?
Go outside and make the call? I mean, how many people are out there working in submarines, underground silos or a bunker in the middle of the Mojave Desert for whom the simplest, most general case solution is not applicable?
They're cheap. I've managed to live without a "smart" phone for a very long time. Yes, they have some nice features, but nothing I cannot live without. And yes, your employer is perfectly justified in banning personal electronics on company property or a company functions. He does, after all, pay your salary.
No, it is not. For several reasons.
First of all, insurance companies explicitly tell customers *NOT* to leave any valuables in their automobile.
Secondly, auto-insurance does not cover any property stolen from an automobile anyways, and personal property insurance often doesn't generally cover things left in an automobile while you are at work anyways unless you are paying on a special (and much more expensive) plan that explicitly covers theft from your car.
Finally, not everybody drives to work in the first place.
This is work, not school. I can keep my cell phone turned off or even in my briefcase if my employer feels it's necessary, but I can't think of any reason that I should not be allowed to bring it onto premises at all other than unhealthy paranoia.
File under 'M' for 'Manic ranting'
If less than 10% of your co-workers do NOT have desks, then most of them do have desks.
While completely banning smart phones altogether does seem a bit extreme, yes, the concerns are real and, yes, they are right to ban them.
A more reasonable approach would be to have company issued smart phones which the company enables strict security policies on, but banning them works too if there is no business need for them. I do hope, however, that the rest of your security posture is ramped up to match this somewhat stringent measure, and it's not some one-off policy that some manager got a bug up his ass about...I suspect that's probably exactly what it is, though.
BYOD and smart phones are rapidly becoming the bane of Infosec's existence. Companies are spending very significant amounts of money on MDM solutions to enable their employees to use whatever devices they like. If this is consistent with the company's culture and is affordable for them, that's fine. However, people push this privilege way too far. They insist on being able to use the latest and greatest tablet that just came out for their job. They want to use their iPad rather than a company issued laptop for work and will whine to upper management when they can't. Companies are not in business to give you an excuse to use your new toy, they're in business to make money and you need to comply with whatever policies they set.
The first post where the guy talks about how the "burden of proof" is on the employer (!!) is the most asinine thing I have ever read. It's typical of the entitlement mentality that I see every day. If you don't like the company's policy on smart phones, go work somewhere else. The company can set whatever policies it likes for interaction with its systems, and you can take your labor anywhere you like if you're not on board with those policies. The company is under no obligation to "prove" anything.
At the end of the day, it's all about risk mitigation. Do smart phones pose a significant risk to the company? How big a risk? Are the benefits they provide worth spinning up an MDM solution? What policies need to be enabled to mitigate the risk? Are there other ways of mitigating the risk such as DLP? Do employees need remote access to their email? Do they need to be able to access the company wifi from their phone? Does every employee need this, or just some? These are the questions you have to ask.
It's a good concept, my only question is, what is the point of IT then? You can isolate smart phones on to separate wireless networks and then ultra scan those networks. However I agree that sometimes just blocking it can be the best answer.
They won't ban using Windows for the exact same reasons, so why would they ban smartphones?
Do not look at laser with remaining good eye.
Anyone with a WAP connected directly to a LAN deserves *exactly* what they will eventually get. External firewall, internal firewall, and the area between them (the DMZ) is where the WAP belongs, if it belongs on your network at all. Chances are, it does not.
As someone who's worked for a defense contractor, wireless devices were not restricted when I worked there, because there was no on-site wireless access. Anything that had a camera or could act as external storage *was* restricted though. Check it in when you get to work, pick it up when you leave. This is not a bad policy for non-governmental entities either. Only the me me me generation thinks they have any legitimate need (or "right", *snort*) to have any personal devices of any sort with them when they are *at work*.
Various companies happily allow BYOD phones, and allow one to expense a proportion of one's bill to the company. A subset of them expect BYOD pads and laptops.
In general, a company could permit almost any device if it provides "mandatory access controls", such as lockouts for the camera when in the office network, and encrypt-all-corporate-data using a company key. The general case was figured out circa 1985 (orange book) and encryption-as-MAC by the personal electronic health care records in the last few years.
davecb@spamcop.net
"because they know you have no way of stopping them."
I do. They get nothing from my home computers, and they get nothing from my phone or tablet, a rooted Nexus 4 and Nexus 7. Both have blocking hosts files that eliminate all that crap. I also block all adverts to my devices. They want me to see adverts, they can pay my data bill.
Smart people can stop them. They know that most people are not smart enough to take control of the devices they own.
Do not look at laser with remaining good eye.
It's funny how problems that companies are experiencing today were addressed by RIM YEARS ago. Funny Apple and Google chose to ignore this...unless of course they never intended to address the enterprise market.
Don't want your employees playing games (or other time wasting activities) on their phones during working hours - There's a BES policy for that
Need to ensure your office is shutterbug free - There's a BES policy for that
Need a way to allow your employees to have personal information and work information on the same device but kept separate - There's a BES policy for that
I'm sorry but having to have your camera physically removed/disabled is ludicrous in this day and age. Even having to go to the local carrier to have a block installed is borderline insanity. BYOD is going to bring some enterprise to its knees and there will be outcries that something must be done to protect sensitive data. Companies are already lining up to provide solutions to problems created by iOS and Android not addressing security up front.
MY answer to the question is - Does your job benefit from you having a smart device with you? If yes then they need to provide it pre-configured to best serve their needs or reimburse you for bringing your own device. If you are just bringing a personal device for personal use then they have the right to restrict its use while on their time and property. Years ago I was studying for my EE degree. I had a job working for Compaq on their assembly line. I was not allowed to have my books at my station even though there was an area under the station for personal items. I had planned to study during breaks but was informed that would not be allowed. It was their right. It was my right to quit so I did after about a week when I had found another job.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
Smart/Cell phones have become an addiction. Pure and simple. Just the thought of leaving it at home or maybe your plan expiring sends people into a DT OMG nothing else matters till I get this thing back frenzy. A couple years ago I was there. I recognized the signs of addiction. I made the choice to put it down and walk away. Yes I have a piece of crap that we take on trips and whatnot..but the vast majority of the time I live untethered. I have to admit the first couple weeks without it in my pocket was pretty difficult. But after a while the sense of being free from the nonstop barrage of texts and calls and not to mention the surveillance..just the freedom of not being tied to the damn thing was worth the pain of separation. But..but.. I can turn it off any time I need to... yea.. sure you can..sure you can. This story isn't about security.. it's about how can I keep my addiction.
The most dangerous thing to security is a disgruntled employee.
If your regulations increase the likelihood of annoying your employees, they are actively counter-productive to security.
Ian Ameline
The fuck it is.
You get X hours for Y dollars. You want more you pay more. That is it. If I had a manager that tried that BS with me, I would be sure to take full advantage of all my breaks, work only to the clock and any on call or after hours would of course be done in such a way to only barely meet the requirements and time limits. Sure I could be paged at 4am but since I have a 4 hour window I will go back to bed until 8am and do it then.
That shit cuts both ways.
Why are you on Facebook when you're supposed to be working?
...that you were trying to be informative.
>If not having your pacifier with you at all times makes you that uncomfortable, find a different job
Not sure why the pacifier jab was necessary, but the logic is valid, if you don't like the restrictions of an employer find a different job, and let evolution punish the employers as shortsighted as your post. I'm all for a Libertarian approach to the problem and would never advocate any legal guarantees in this regard.
However, I actually have people skills, and talented managers never make arbitrary employee impacting decisions in a unilateral fashion. It's not that they aren't as entitled as your post suggests, simply that they know this is a losing game.
If you work with classified documents, or as a life guard at public pool, there can be legitimate reasons an employer wants your phone stowed. But in the vast majority of workplaces, there is no business reason and taking people's connectivity away is just a cop-out for lack of manager interest "managing" employees.
My director sets goals for me, reasonable, achievable, business aligned goals with timelines. I get them done and more, year after year, which is why, when I want my phone on my desk and to take a 10 minute break to reply to some indignant teenager on /. I can take that time.
Part of my job is to advise companies on security policies like this, and I have advised in favor of such restrictions when asked. However this is done out of respect for the end-user's privacy. The reasoning is that there are two conflicting priorities in permitting BYOD use and network access:
First, as a security officer I have a duty to ensure that the network and all devices connected to it remain secure.
Second, as an agent of the company I have absolutely no right to dictate to an employee what they must or must not do with their device to prove that it is secure. It is their device which they purchased with their money to use for their own purposes.
Since I cannot prove that the device is secure without violating their privacy or exerting an unreasonable amount of control over the device, the only resolution is that the device is not permitted.
If you really need a device, then the resolution to that is to get the company to buy you a device -- at which point the company owns it, and can dictate what security measures are taken.
At the end of the day, a company pays you to do a job, and as such has the final say over how you do it and what tools you use to do it. It may not be your choice, or the best choice, or even an efficient choice. But that's how they want it done.
Good employers will listen to their staff and make adjustments and get the tools that their staff need. But it isn't mandatory.
If you don't like the job, and the employer won't change it to suit you, you have two choices: live with it, or leave.
you should read everything on the internet as if it had "but I'm probably talking out of my ass" appended to it.
The burden of proof is on the employer to show that no other mitigating measure can address the risks. Summarily banning child protecting, emergency-alleviating technology, not to mention the tools with which we coordinate the rest of our lives, is truly bad form and will bite the employer more often than they know.
That is just wrong. The employer has no burden of proof to show why you cannot use a personal electronic device (phone or otherwise) while at WORK. It is not some god given right to have/use a smartphone. Can it be useful, sure, but you as the employee have a burden of proof to show why you need to use such a device.
For the list of reasons given in the summary:
This current reality is that people have started to rely on having their smartphones with them at all times for things such as receiving emergency calls from day cares and schools, making personal calls during normal working hours (i.e. to make doctor's appointments), accessing password managers, and scheduling calendar events."
If it is a true emergency or sick child, most employers understand that and allow those calls to come in on a regular work phone line. Making personal calls during normal working hours, sorry, most employers expect that to occur on your time, not their time, so it doesn't matter what phone you use. Accessing password managers, you don't mean to tell your employer that if somebody stole your cell phone that they would have access to everything on the company computers that you have access, do you? Scheduling and calendar events, that would be the only legitimate work related use in the list that is work related, but would be strongly tied to the nature of one's job - if you are expected to be at your desk 9 to 5, then having your schedule on your phone is not a real advantage. OTOH, if you travel a lot for your job, then it is. Another related work use, although not mentioned, would be that it allows your boss or clients and customers to get in touch with you on site or off site. Another, might be that it enables you to use job related apps when out of the office that feed back to work done in the office, etc (for instance an insurance adjuster might fill out claims reports with pictures on a smartphone or tablet instead of by paper).
Of course, if you are successful in convincing your employer that having a smartphone would enhance your work performance, you should also be prepared for possibility that you end up with an employer provided smartphone that can only be used for work related tasks and you still cannot use your personal one at work.
Just because we live in an age where we have all of these devices that can do all of these different things doesn't change the basic dynamic that employers set the rules for employees. The employee's recourse, if they don't like the rules, is to find a different employer. Plain and simple.
It is not trivial but it is also not magic.
How is it not trivial? You don't allow them to connect personal devices to the company network. If you feel you need to provide WiFi, then set up a guest network and you use the same access controls for company assets that you have for someone connecting via the Internet.
Another day, another update to a Google android app.
It often returns to my mind lately, that we hardly ever before had that widespread operating systems and applications with that much of connectivity and environment capturing potential, we would be so poorly in control of. There is shift, we are not even properly aware of yet. This was confirmed with some report, seen just several days ago, mentioning malware in smartphones being present on close to half of units. Thus, discussed employers are doing their stuff pretty right.
Servant of karma
Then I just won't work for an employer that bans the use of smartphones. I can understand not allowing personal devices to connect to a corporate desktop. As long as the device is never attached to a corporate network, then there is no cause to ban this. Sounds to me like employers are concerned that smartphones are cutting into productivity but it is easier to pass HR muster if you call it a "security threat."
If you operate around "sensitive" information or devices (such as prototypes, private development ideas, etc), then absolutely, ban cameras and smart phones. Or perhaps all cell phones. To compensate, issue one-way pagers to each employee and install basic desk phones into each office where personal calls are permitted.
If you need to document something with a photo, use the company-provided digital camera in accordance with corporate policy. Need to access the internet? Use your company's computers.
So-called "smart phones" are definitely a liability. The only reason you would allow them is if you aren't working around sensitive IP.
Since sensitive information can be carried out of an organization written or printed on paper, we should also ban paper, pens, crayons, markers, and eyeliner.
Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
Not sure what you mean by real jobs.
In my profession often the amount of work to be done is not predictable in that sort of way.
Q: Why would any enterprise allow/sanction/encourage the use of mobile devices in their workspace? Why would they add a Blackberry Enterprise Server or an ActiveSync connection and allow their staff to pull down corporate messaging onto their personal devices? Don't they understand about the security risks and the administrative/support overhead of bridging the gap between company equipment and personal equipment?
A: Silly rabbit. These technologies push the executive mindset of being permanently at work down the management chain and into the front line staff. Employees "steal" 5 minutes away from work to check their bank balance etc. only to lose 10 back responding to "urgent" emails or chasing arbitrary deadlines that can only be met by working after hours. Extending the enterprise into employee's mobile devices is effectively a rollback of decades of labor law that today's workers accept willingly. Remember kids: Stay in "non-exempt" job positions as long as possible!
Because 6 out of the top 7 calculator apps have the required permissions to record audio, and ship it off to china on command.
No more like you don't know what you will be doing today, because you have hundreds of servers and anything could break or be screwed up by someone. Even when you find the problem, it might not have a known cause and you will have to try to find that. It gets fixed when it gets fixed. Sometimes that means staying late, sometimes it means some dev machine is not usable for a couple days. If you want more than that I would want more money since that was not the deal I agreed to when I was hired.
My job meets that definition of a real job.
You get X hours for Y dollars. You want more you pay more.
That's the arrangement that I have with my boss: any work while clocked out is recorded on my time sheet the next day. It's just that in the United States, the Fair Labor Standards Act makes certain salaried employees in managerial, engineering, and marketing positions exempt from its overtime provisions. I was under the impression that a lot of Slashdot users were in exempt engineering positions.
a) IMHO the main danger is not the camera, but the microphone.
b) No, in my experience there is no way to educate users against stupidity.
c) The dangerous question is: can I use the password manager on a private phone to remember the password to my PC in the office? (yes - you can; I would even assume some people sync the note unencrypted into the cloud)
So is forbidding smartphones the right way? No, for some reasons:
a) it is nearly impossible to control - unless you make random searches
b) it places you in the responsibility to provide a safe storage for the phones
c) even simple phones have note functions and microphones. The last phone I had without a capability to access the microphone by software must have been around 2002.
So what to do:
a) don't use passwords alone for log-ins, but two-factor authentication
b) structure your information infrastructure in a way in which everybody has access to what he needs
c) Teach people to leave their smartphone turned off and in the locker of their desk in really confidential discussions or presentations
Verizon uses a combination CSIM/USIM on all 4G LTE phones, meaning most 2011 and newer Verizon smartphones are able to perform a SIM swap scenario.
But can these combination CSIM/USIM cards be swapped into Verizon dumbphones, such as the dumbphone that one would have to carry in a smartphone-free zone? Even if one device supports CSIM, the other has to as well, or the device portability of subscriber identity fails.
1. Not an issue if a company doesn't give out its wifi password to employees. Simply being in the same room with a malware infected device is only a security risk if the device is permitted to connect to yours in the first place.
2. You might not need a smartphone at work. But you might need it during your lunch break.... or possibly even on your way to or from work, so it's not viable to leave it at home. Oh, and if you don't happen to drive to work, you can't exactly even leave it in your car either (not to mention the fact that leaving valuables unattended in your car can be an extremely risky thing to do anyways, since regular insurance doesn't typically cover property theft from cars).
And a company has no right to tell an employee what they can do when they aren't on the clock. Since ordinarily, travel to and from work and lunch breaks are on the employee's own time, so there's no reason that an employer can demand an employee leave their cell phone at home.
File under 'M' for 'Manic ranting'
They are a danger when you allow others to set controls on things you care about. The obvious example is UEFI boot, which is fine if you use it to select who can boot, and bad when Microsoft is making the decision about your device.
In the context of BYOD, I will happily grant MAC access over the camera and gps to an employer when I'm on their network, but they need to publicly agree with me on what they're doing. I and many other people will likely grant an employer the right to encrypt the company's files, so long as they agree not to encrypt or delete mine on the same device.
The asymmetry of power poses a risk even in the acceptable cases, so arguably one should only use mac-implementing programs from a trusted third party, like a Google or Apple.
davecb@spamcop.net
I feel that these are feel good "solutions" that do not resolve anything. If the intent is spying on a company or organization such precautions would be greatly ineffective. For instance, even if you ban cameras the paid spy would probably bring something less suspicious such as a pen or button that contains a secret camera. Malware such as Stuxnet/DuQu/Flame (as well as many others) have proven to avoid detection for extended periods of time. Mind that these Malware have infected the actual work terminals themselves network-wide even through USB flash disks. Also mind that we only hear about espionage attempts that have failed to remain secret for one reason or another and perhaps many successful cases will forever remain a secret. One solution would be the elimination of computers entirely at a significant cost of productivity (and paper tends to be taken away from the office).
Guns are weapons. There is already some regulation on hidden weapons that is completely independent of the workplace.
There are no laws forbidding you from simply having a cell phone stored away where nobody can see it.
If there were, your analogy might make a lot more sense.
File under 'M' for 'Manic ranting'
People are reading this and applying the ban to multiple problems
1) Productivity. As someone pointed out, if it is a real 9-5 job, hourly, then the company can and should ban use during work hours (regardless if it is on a wifi connection on the company network). If you are exempt, and work as needed, including off hours, it should not be an issue.
2) Physical Security: Most phones can act as a usb thumb drive, so any company that feels the need to restrict thumb drives should also block those (again, assuming no wifi) on company machines. If you are not allowed to bring a USB drive in on your keychain, you should not be able to bring a phone.
3) Network security: This is the real issue, having the device on your network. There is a very easy fix for this. Use a certificate based wifi system with a hidden SSID for company machines. For non company machines (phones, laptops, tablets, etc), create a guest network using a password based crypto and transmit the SSID. Then isolate the guest VLAN. This allows phones and such to be on the WiFi network, adds convenience and minimize risk for company assets. The cost is minimal for most companies to maintain a standard guest network across all sites, and employees find it valuable. (CxO's in particular)
Is there a way to educate employees about preventing this sort of thing
After 20+ years of computer viruses, you are going to ask that question? If that were possible, there wouldn't be a problem with computer viruses because people would practice safe computing.
For an even better example, look at personal data loss. After decades of "Back your shit up", as I type this there is someone in the process of screaming "Noooo!" as their personal data disappears into the bit bucket because he had a catastrophic failure and had no backups.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
The number of hours per week you owe to your employer is part of your employment contract.
BZZT. I'm salaried. I have no set number of work hours other than "full time". If I get my projects done on-time, I fully expect to do whatever I want with the remaining time.
With the first link, the chain is forged.
You seem to be confusing "allowing work and private life to intermingle" with having no private life. Sure, there are people who just can't stop working - that's not what the GP is talking about.
I worked a few hours on New Year's Day, because something needed done. However, tomorrow morning (Tuesday) I will be taking off to deal with some private stuff. I read private email at work; check work email at home. Work tends to come in clumps - the second half of 2011 I worked 60 hours every bloody week; this Winter and Spring I will finally be able to compensate, and expect to average 30 hours or less. My employer only cares that my job gets done (and done well); they don't care a whole lot about exactly how and when the work happens. This offers flexibility, which is pleasant. Everybody wins.
Maybe this is a European thing?
Enjoy life! This is not a dress rehearsal.
Most of our employees do not have a desk. They have toolboxes on wheels, as you put. Those types of employees should not be carrying smartphones on them anyway for multiple reasons.
They're more likely to damage their property throughout the course of the workday and having it ring or vibrate while they're working on equipment could be distracting and consequently a safety hazard.
"Lack of speed can be overcome. In the worst case by patience." --Znork
A lot of companies have a policy that no employee device will ever touch the internal network. I currently have two phones, one work phone and one personal phone due to all the rules and restrictions on the work phone. But to physically ban me from having my other phone on the premises because someone could hack my phone and capture the camera/audio would take it to an entirely different level. You don't put together an Ocean's Eleven team to rob a gas station, neither do you hack an employee's cell phone for a few SSNs. Yes, if you really think you could be the potential victim of advanced industrial espionage and not just a former employee taking everything with him out the door - a far more likely scenario - then sure. But I'm guessing the few who really have reason to fear this already know.
Live today, because you never know what tomorrow brings
...your first "Advice On Security Policies Like This" is: "If a smartphone is a real security risk, you have a lot bigger concerns, security wise, than smartphones." (and, yes I am aware that in fringe scenarios a phone is a very real risk because of cameras and recording devices.) A policy that says "don't connect your phone to the computer/etc" is just as effective unless you are going to search employees and get the backscatter xray out.
I didn't realise that the only personal call one can make is to the reception of one's GP...
And when your child dies of anaphylactic shock because the school could not reach you on your listed emergency number and the company IP based phone system was down, then you can sue that company for everything they have or ever will have.
It is an illegal policy (reckless child endangerment) - nail em for it.
Sure and I'm in a shielded building. Can I sue them because there is no decent cell coverage at my desk? We really can't be this lame :-(
It's hard to get to and from church when the city bus system does not operate on Sundays, as is the case in Fort Wayne, Indiana.
How did this comment get rated insightful?
Probably because moderators realized the implication that the phone should be stored in a locked car, but people who don't commute in a car don't have a car in which to store the phone.
either you have to ride with the less than desirables
Some U.S. subcultures would see that as a plus. Members of certain religions, for instance, use time on the bus as a chance to witness to people.
saving some gas money?
That and a car payment and car insurance.
If this restriction is made known before offering the job (say, during the recruitment stage), then this should be a no-brainer. However, if the employer is dumb enough to add this restriction AFTER you were hired... they can go to hell.
I'd bring that up at the next union meet...oh. Right...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
At least OP sort of asked the right question, i.e. "how reasonable is this?" instead of flying off the handle insisting that his rights are being violated. At the end of the day it comes down to this...yes there are other practical solutions such as removing device cameras, MDM software, etc but those all have associated costs and require the company to pay someone to spend time enforcing the rules and verifying that your camera is in fact disabled, or you are indeed running the prescribed MDM software. Banning smartphones has no such associated cost. Sure, perhaps you could argue that no smartphones means lower productivity (it sure would for me, and a lot of folks I work with), but at the end of the day this is one of the things that makes America great. If I hire somebody to work for me and I say they can't bring their smartphone to work, then they can't bring their smartphone to work. If they do, then they can find somewhere else to work. Being the guy that signs the paychecks means you get to make the rules from 9-5.
I am the IT ops director for a small company (100 employees). About 75 of our employees have company smartphones (iPhones). Cellphones fall under my purview so I am the one that people come to for ordering phones, setting up e-mail on phones, etc. The company pays for these devices and the associated wireless service and we recently implemented MDM software. You would not believe how many employees made such a stink about having MDM software loaded that gave us the ability to restrict what apps they download (we ban Zynga and other games that can steal information, etc). I could understand if this was a BYOD deployment where folks were loading MDM software on their personal devices and they were bummed that meant they had to uninstall their games, but we're talking about corporate owned equipment, and the users feel that they are somehow entitled to ultimate control and privacy on those devices.
But then again, these are the same folks that want to port their personal number in (which we generously allow them to do for convenience of carrying a single device) and want the company to pay their ETF when their personal carrier charges them one. Excuse me? Why should the company pay to get you out of your contract so you can have the privilege of bringing your personal number to your work phone? You don't want to pay? Fine, use the number we issue you, problem solved.
Sorry, rant over.
Ya forgot the rule: don't feed the troll.
This isn't made any more difficult by there typically being no cellphone tower within several hundred miles of the locations. So the only use of smartphones is as alarm clocks, phone books and pocket computers. Some employers allow them out, as long as they're kept inside the Faraday cages which the office spaces and accommodation spaces constitute.
Can't live without your mobile ... get a different job.
(Incidentally, the ability to receive an emergency call isn't going to get you home in less than several days. Live with it ; if you can't live with it, go work in a different business.)
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"