Bring your own device – or doom?
Bring your own device is a popular way of getting employees to sync work emails and data on their personal devices.
That said, I’d like to present a case against implementing a BYOD policy.
It's not really secure
Proponents of BYOD programs argue that it’s secure because both Apple iOS and Google Android allow IT administrators to set policies on the phone to prevent employees from copying/pasting data and installing non-approved applications on the work profile.
Herein lies the problem – the employee is still using their own device and can install applications at will in their personal profile. While both iOS and Android have done a good job of separating personal and work profiles – you still run the risk of a rogue application running in the background that can potentially have access to work profile data.
Many BYOD policies come with a strict remote wipe clause. Basically, if the IT admin deems it necessary, the device can and will get remotely wiped. Imagine a scenario where this happens “accidentally”. Now you have to explain to your employee why all their pictures of their grandma’s 80th birthday are gone … forever.
Even if it doesn’t happen accidentally, what happens if the device is stolen or lost? How much time do you give the employee to find the device? An hour? Three hours? Do you really want to risk client data or, worse yet, PHI being exposed to the public?
With a work-assigned device – if it’s reported lost or stolen it can be wiped immediately. No need to worry about Nana’s birthday pictures getting deleted either.
At will termination
Okay, so your employees are really good at making sure their BYOD devices aren’t lost or stolen. They’re using good password creation policies, they’re not installing rogue applications that can spy on your data, and they’re on a corporate VPN when using public Wi-Fi networks.
What happens when either they quit or you fire them? Some BYOD policies state that upon termination the employee will have their phones wiped. Others assume that, post-employment, if access to various services like email, shared drives and data collection systems is disabled, there’s no way for an employee to access those systems.
Consider this: in order to run faster, many apps use a cache. A cache is like a virtual area on your device where large amounts of data that doesn’t change often (like data collection for a session that happened 2 weeks ago) can be stored and accessed quickly.
Good mobile apps that deal with PHI completely remove these cache files when data is no longer needed. Unfortunately, all of this is highly dependent on the app developer. There’s no guarantee the data is actually removed short of completely wiping the device.
I’ll ask again – do you really want to risk PHI being exposed?
Let’s face it, even though some people claim privacy is completely gone – it’s still kind of a big deal. While some employees may accept the idea of their device being remotely wiped at will – no one is going to be truly comfortable with their personal device being monitored and controlled by their employer 24x7.
Okay, so you’re convinced, but you still want to provide mobile devices to your employees to use.
- Buy a bunch of Android tablets managed with a strict device policy.
- Sign up for a telco-provided Wi-Fi hotspot.
- Use a secure corporate VPN on the tablet.