Connect with us

Editorials

When Business and Pleasure Mingle on a Work Phone, Are You Putting Your Company’s Security at Risk?

Published

on

That’s the question that was being asked at VentureWire FASTech, which took place in Silicon Valley. According to HP, work devices are being increasingly used for personal use and personal devices are now being integrated into an enterprise system due to relaxing security standards at many businesses, but there’s also a cost to the benefit of co-mingling business and pleasure. The risk is that these work devices are then toted to personal places–like restaurants, bars, and movie theaters–after hours and could potentially be forgotten, lost, or stolen from these venues. Look at the poor Apple engineer who left his prototype iPhone 4 in a bar  to only be lost or stolen, sold, and bought by popular Web blog Gizmodo.

But then there’s an even greater risk: data on the device. While quite a few enterprises enforce tight security controls, such as requiring either a 4-digit numeric unlock code or a strong alpha-numeric passcode when an Exchange account is being used on the phone, some companies don’t require that. According to HP, lost and stolen devices pose a real security risk. The company says that “In the average month, 10,000 cell phones are left in taxicabs in Chicago; [people] aren’t using four-digit passwords either.” Worse yet, with the companies that do require them, there are smartphone methods to circumvent this security requirements. I’ve known a few iOS owners who have “jailbroken” their iPhone to gain features and functionalities beyond what Apple has bestowed upon them, and one of the jailbreaking features that was unlocked was the ability to circumvent the Exchange-enforced security requirement.

For these few friends, who describes having to enter the unlock code every time the phone was turned on as an inconvenience, losing their phones would mean that the thief would have access to the corporate address book, corporate emails complete with attachments–some of which may be confidential in nature, and appointments and calendars–including perhaps secret staff meetings and rendez-vous that may happen prior to a big product launch. All that would be out there and available to gawking eyes if this device was to fall into the wrong hands.

Add to the that the risk of viruses, malwares, and security threatd and you’d have a personal nightmare for any Chief Information Officer or CTO at a company. With the proliferation of laptops that serve multiple purposes as a work and personal computer, corporations have seen a greater influx of virus threats. However, on mobile right now, there hasn’t been a lot of smartphone viruses, and that could really catch a company off guard once smartphone adoption picks up. For hackers of yore, there wasn’t a lot of incentives for being a hacker other than the geeky satisfaction of accomplishing a DDoS attack, but with today’s technology and environment, there could be monetary incentives to thwarting your competitors or discovering what your rival is doing through a virus that gets propagated across a company’s Exchange ecosystem.

The Wall Street Journal‘s article presents an interesting read on data security on mixed-use devices. I think that the problem’s going to get even worse as more workers are blurring the lines between work and play. In the hyper-connected world where we’re expected to answer emails within minutes–rather than hours–of them arriving in our inboxes, work devices will increasingly get ported around with mobile workers everywhere they go, regardless of whether they’re also used as a personal device.

3 Comments

3 Comments

  1. JP

    11/04/2010 at 6:27 pm

    The concern over security of data on mobile devices is a huge issue – which is why so many companies have required that you use their Blackberry with enterprise-friendly software that includes remote wipe and encryption. However, executives and business users want to have the latest and greatest tech gadgets, and are hounding their IT departments to support iPhones and Android devices. One thing that I have seen which might allow both needs to be met is the software offered by Good, that would lock down and allow for remote management/deletion of your corporate data, but leave your personal data with whatever the stock user experience is for that device. Best of both worlds (hopefully)!

  2. JP

    11/04/2010 at 6:27 pm

    The concern over security of data on mobile devices is a huge issue – which is why so many companies have required that you use their Blackberry with enterprise-friendly software that includes remote wipe and encryption. However, executives and business users want to have the latest and greatest tech gadgets, and are hounding their IT departments to support iPhones and Android devices. One thing that I have seen which might allow both needs to be met is the software offered by Good, that would lock down and allow for remote management/deletion of your corporate data, but leave your personal data with whatever the stock user experience is for that device. Best of both worlds (hopefully)!

    • Chuong Nguyen

      11/04/2010 at 7:19 pm

      Thanks, JP, for your insight. I think Exchange does offer remote wipe as well, though its implementation on Android may not be as polished depending on the manufacturer. I know that at the Motorola Droid Pro announcement at CTIA a month ago, Motorola really went out of their way to nail on different Exchange integration and security features that the company made on that device, which is geared towards enterprise customers especially with its BlackBerry styling. I think a big concern moving forward is hacking, jailbreaking, and rooting, since that may expose devices to security vulnerabilities or open up devices to user control, as was the case with the Exchange security code bypass example.

Leave a Reply

Your email address will not be published.

As an Amazon Associate I earn from qualifying purchases.