The Wall Street Journal reports on the security and privacy issues that can arise as businesses allow employees to use personal devices, such as cellphones and computers, as work devices:
Over the past three years, small companies have outpaced big ones in letting workers use personal laptops, tablets and cellphones on the job. For small firms, the appeal is clear: They don’t have to spend as much on technology, and workers are more comfortable using the equipment.
But small outfits often aren’t prepared to handle all the technical and security issues that can arise. Very often, they don’t even implement basic security measures like requiring password locks on phones. And the result can be lots of wasted time and money—and possibly permanent damage to the business.
If companies don’t have even simple policies like lock codes on phones, “what happens when the employee leaves it in a bar and anyone can look at whatever sensitive information is on the emails?” says Douglas Louie, senior director of product marketing enterprise at Smith Micro Software Inc. in Aliso Viejo, Calif., a firm that helps companies with device management. “And what about when they are terminated? Can you shut [the phones] off immediately?”
All told, about half of companies with fewer than 500 employees allow personally owned devices, compared with 35% of larger enterprises, according to the Ponemon Institute LLC, a technology-research organization in Traverse City, Mich. […]
With so many benefits, it’s easy to overlook the pitfalls. Lost or stolen devices can pose major headaches, for instance, particularly if the company doesn’t have the legal authority or systems in place to remotely wipe information from them. More than half of lost smartphones are not protected with mobile security features, according to a study from the Ponemon Institute.
Misappropriation is another big issue. Using personal devices may make it easier for employees to take information to competitors when they leave.
Then there’s the matter of viruses and other malware. Often, employees don’t have the latest protection on their devices—and one infected machine can paralyze all the computers sharing the network.