When Business and Pleasure Mingle on a Work Phone, Are You Putting Your Company’s Security at Risk?

That’s the question that was being asked at VentureWire FASTech, which took place in Silicon Valley. According to HP, work devices are being increasingly used for personal use and personal devices are now being integrated into an enterprise system due to relaxing security standards at many businesses, but there’s also a cost to the benefit of co-mingling business and pleasure. The risk is that these work devices are then toted to personal places–like restaurants, bars, and movie theaters–after hours and could potentially be forgotten, lost, or stolen from these venues. Look at the poor Apple engineer who left his prototype iPhone 4 in a bar  to only be lost or stolen, sold, and bought by popular Web blog Gizmodo.

But then there’s an even greater risk: data on the device. While quite a few enterprises enforce tight security controls, such as requiring either a 4-digit numeric unlock code or a strong alpha-numeric passcode when an Exchange account is being used on the phone, some companies don’t require that. According to HP, lost and stolen devices pose a real security risk. The company says that “In the average month, 10,000 cell phones are left in taxicabs in Chicago; [people] aren’t using four-digit passwords either.” Worse yet, with the companies that do require them, there are smartphone methods to circumvent this security requirements. I’ve known a few iOS owners who have “jailbroken” their iPhone to gain features and functionalities beyond what Apple has bestowed upon them, and one of the jailbreaking features that was unlocked was the ability to circumvent the Exchange-enforced security requirement.


For these few friends, who describes having to enter the unlock code every time the phone was turned on as an inconvenience, losing their phones would mean that the thief would have access to the corporate address book, corporate emails complete with attachments–some of which may be confidential in nature, and appointments and calendars–including perhaps secret staff meetings and rendez-vous that may happen prior to a big product launch. All that would be out there and available to gawking eyes if this device was to fall into the wrong hands.

Add to the that the risk of viruses, malwares, and security threatd and you’d have a personal nightmare for any Chief Information Officer or CTO at a company. With the proliferation of laptops that serve multiple purposes as a work and personal computer, corporations have seen a greater influx of virus threats. However, on mobile right now, there hasn’t been a lot of smartphone viruses, and that could really catch a company off guard once smartphone adoption picks up. For hackers of yore, there wasn’t a lot of incentives for being a hacker other than the geeky satisfaction of accomplishing a DDoS attack, but with today’s technology and environment, there could be monetary incentives to thwarting your competitors or discovering what your rival is doing through a virus that gets propagated across a company’s Exchange ecosystem.

The Wall Street Journal‘s article presents an interesting read on data security on mixed-use devices. I think that the problem’s going to get even worse as more workers are blurring the lines between work and play. In the hyper-connected world where we’re expected to answer emails within minutes–rather than hours–of them arriving in our inboxes, work devices will increasingly get ported around with mobile workers everywhere they go, regardless of whether they’re also used as a personal device.