Slashdot Mirror
Ask Slashdot: Should Employers Ban Smartphones?
An anonymous reader writes "Due to a concern that smartphones (and other electronic devices) could be infected with malware and used to spy on sensitive information, my employer has recently banned all personal electronic devices from their spaces. The concern comes from articles like this one. My question to slashdot readers: How reasonable is this concern? How can this sort of malware be prevented from showing up on our devices? Is there a way to educate employees about preventing this sort of thing rather than banning the devices altogether? This current reality is that people have started to rely on having their smartphones with them at all times for things such as receiving emergency calls from day cares and schools, making personal calls during normal working hours (i.e. to make doctor's appointments), accessing password managers, and scheduling calendar events."
You have asked an audience that knows just how ingrained smartphones are to our everyday lives. The last half of your question is a "given."
The burden of proof is on the employer to show that no other mitigating measure can address the risks. Summarily banning child protecting, emergency-aleviating technology, not to mention the tools with which we coordinate the rest of our lives, is truly bad form and will bite the employer more often than they know.
If you are working with sensitive documents, these people will remove the camera from your iPhone for $20:
http://www.iresq.com/iphone-camera-removal.html
Want to do the whole office? A 79 cent roll of electrical tape will do the trick.
The problems are solvable and worth solving. That management favors solutions that are simply a matter of writing policy, is in their nature, so don't sit in the dark and bitch, fix the bulb.
Would you ban laptops at work for the same reason?
Would you ban laptops at work for the same reason?
A lot of businesses do in fact ban laptops that aren't company-owned.
Anything that can breach security in a government setting is worth withholding indefinitely until a practical policy can be approved which reduces risk to near zero.
For unrelated/unregulated industries, this approach is unreliable, impractical, unprofitable, and let's face it, just plain stupid.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
" You get paid to work, not deal with personal matters."
Amen brother!
This view illustrates that people at work are busy organizing their private lives, making doctor's appointments, calling family, brokers, schools, daycare, tweeting nonsense and updating their online presence and other crap instead of doing their fucking job and they apparently feel entitled to it.
if you work in a sensitive area then expect high security
if you work for a US GOVERNMENT agency around classified information then you're probably following these rules already
if you work in a start up with cool tech you might expect something like this
if you work in your average workplace no one is going to care
How reasonable is this concern?
Very reasonable, if your employer is a CA. Not at all reasonable if your employer sells hubcaps. Need more info.
How can this sort of malware be prevented?
Educate employees. (But your next question shows that you already know this.)
Is there a way to educate employees...?
Yes. Employees are not algorithms. That's why we employ them instead of just computers.
This current reality is that people have started to rely on having their smartphones...
Yes, if you want effective employees, you should allow them to use their brains, as well as extensions that make them more effective.
Do you have any questions that lack obvious answers--perhaps something worth discussing in a forum?
As long as my job pays me for every minute they intrude into my personal life or past the 8 hours a day I owe them, sounds fine with me.
If you're working on material or systems that are classified, or something akin to the iPhone 6, then yeah. Letting *any* communications device into the work area is a very bad idea. You are being targeted. Probably very specifically, too.
If you're not working on anything of that nature, then probably not. Who cares if anyone sees the inside of your office? Or hears you talking sports scores? It's creepy as Hell, and you should probably be more worried about the fact that someone is mucking around inside your phone, listening to you.
The exception to this, is when you walk by some moron's desk, and they have their smartphone plugged into the USB port of the computer, MOUNTED AS A HARD DRIVE.
A computer which is inside the company firewall.
Sometimes, you just have to assume the lowest common denominator, because convenience in listening to an MP3 collection will always trump common sense.
[End Of Line]
I would consider them (Boeing) and others in their line of business to have about the most conservative position on such technology. Seeing as how they have pretty much given up on such rules, I don't see how any other employers expect to get away with them.
Also, if employees are going to steal proprietary data (for which I'm sure there is a company policy prohibiting said activity), sneaking a camera, USB drive or whatever onto the property in violation of rules is not going to be a deterrent.
Have gnu, will travel.
If, after 20+ years of personal computers we still can't stop people from accidentally downloading malware, good luck preventing it on smart phones and other portable devices. The problem is, and always will be, the ignorance of the user.
People in the field would have a device provided by the company, because the employee would be billing back all related expenditure (data and voice) to the company anyway. That device would be locked down by the IT dept; Both Android and iPhone support device policies and central management now, and BlackBerry was designed for this use.
Finally had enough. Come see us over at https://soylentnews.org/
We were have some pretty bizarre network problems in our office one day - some machines were able to connect to our db server whilst some couldn't, and other could intermittently. Long story short*, somebody's smartphone (Android in this case) was responding to ARP requests (requesting the MAC of the server) even though it was showing its IP address as being assigned by DHCP. I reckon its previous IP on the user's home network was the same as our server, and for some reason kept answering to them.
*Once I realised that packets didn't seem to be making it to the server (pings were intermittent), it dawned upon me to check the ARP tables on the clients. Looking up the manufacturer of the MAC address didn't immediately help as I didn't recognise the name, though I assumed it was a phone. At that stage I wasted time looking through all the phones looking for an IP address conflict (bad assumption). Finally looked up the DHCP leases for the offending MAC, found it's current IP (no hostname was provided by the client), found the offending phone, and very nearly shoved it the arse of the owner.
Surprisingly smartphones have not been around forever and little Johnny & Sally still managed to make it thru daycare okay.
You make it sound as if the advent of smartphones was the only thing that changed since the fifties. Guess what, people are now required to be "time flexible", and I guess the society changed in many other ways that make it desirable to be reachable.
If there's an EMERGENCY, outsiders can call your employer's main number and ask for you. You get paid to work, not deal with personal matters.
And that switch to the desk phone makes that call somehow...impersonal?
Ezekiel 23:20
We are actually in the midst of going through something similar at my company (a very open, not secretive environmental firm). We recognized through employee surveillance and traffic logs that cell phones were a huge security risk at our firm and the decision was made to control as much as we could while still maintaining our "Mom & Pop" company feel.
We switched all of our cell phones from one carrier to ATT and we purchased the MobileIron software (VPS and Sentry) to control all the aspects of the company phones that enter our buildings. In addition, for the people who chose the monthly subsidy as opposed to a company phone, we prevent them from getting WiFi access from within our offices as best we can (MAC whitelisting isn't foolproof but helps with 99% of our users). We don't allow the non-company provided phones to work if they are plugged into workstations via USB cable. With MobileIron I can control basically every aspect of their smartphones including camera control, data usage, app installs, etc.
Now, we don't have this fully running in production yet so I can't comment on the pitfalls I'm sure to face, but the short answer is workplaces don't necessarily need to ban smartphones as that could actually cripple some business processes; however, they are definitely a security threat that need to be managed just like other corporate and employee owned devices.
Hagrin.com
My god, this attitude is amazing, what primitive part of the world did you grow up in? Most normal employers realize that work and private live are not so easily seperated and simply allow the two to intertwine. If I ask someone to stay late because of deadlines, can I then deny them time to make calls during office hours to arrange private things? Hell, this must be an American thing. Do you also object to people using the company printer?
Of course, normal people realize there is a line, you can print out a form, your CV is a bit touchy and you do NOT print out a thousand copies of your novel but come on!
If your tried that master slave attitude in Europe, you would find yourself soon with no employees left.
Unless there is a VERY real need for security, everyone carries a mobile phone with them in Europe. The idea you shouldn't answer a personal call during office hours is just so 19th century. Come on, join us in the future, we got cookies!
Ten to one this gti_guy doesn't have a job, lives in a trailer on government assistance and whines about all those leeches living of the state.
People good enough at their job to have one know they are valuable and companies are willing to keep them happy.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
No, it most certainly is not. Salary negotiated by both parties is indeed enough compensation because you were involved in its negotiation. The number of hours per week you owe to your employer is part of your employment contract. Beyond that contract is not covered and therefore NOT COVERED. I am happy to go above and beyond for a company I enjoy working for, but my rights are my rights.
If you need to make a personal call that you do not want to/cant make from your desk line, go out to your car during lunch and make it.
What do you recommend for people who use public transit instead of driving to work?
Go outside and make the call? I mean, how many people are out there working in submarines, underground silos or a bunker in the middle of the Mojave Desert for whom the simplest, most general case solution is not applicable?
Am I too old or something? We always ran our personal lives from work, but it used to be a lot more invasive. You couldn't take care of many things online, so you had to leave work during working hours to take care of it. Any time you needed customer service, you had to use the telephone at work. You'd have errands to run, so you would either come in late, take an extended lunch, or leave early. Expecting a call? You had to hover near your desk so that you wouldn't miss it.
I won't defend tweeting, updating Facebook, and the like - but I think that most employers recognize that letting people take care of some personal stuff while at work ultimately improves productivity.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
You usually have to repeat yourself several times before finally loudly yelling "Hemorrhoids!"
Yeah, and my doctor keeps telling me he can't do anything about my boss.
Another day, another update to a Google android app.