The Dark Side of BYOD

The BYOD, or Bring Your Own Device, trend offers pluses for both employers and employees, but sometimes there’s a hitch. Under certain circumstances, the owner of a device suddenly might lose all of the data stored on it.

Clients of Fiberlink remotely wiped 81,000 mobile devices between January and June.

About 30,000 of them, or 37 percent, were cleaned of everything — including personal data such as contact lists, and even photos of deceased relatives and pets.

The devices “were a mix of BYOD and corporate-issued devices globally,” Jonathan Dale, director of marketing at Fiberlink, told the E-Commerce Times. “Companies make the choice of a full wipe or a selective wipe based on specific use cases and internal policies.”

More Information on the Wipes

Fiberlink identified four main use cases for device wiping.

First, shift changes — devices used by multiple workers on different shifts are wiped at the end of every shift.

Second is reprovisioning. When an employee leaves a company, IT wipes the device.

Violation of compliance policy is another reason for device wiping, and a fourth is loss due to theft or any other reason.

Fiberlink did not break down the data by BYOD or corporate-owned devices, and it does not have statistics on the number that are lost, Dale said.

Never Do Things By Halves

“If I hear a device is stolen, I would fully wipe it,” Timo Hirvonen, a senior researcher at F-Secure, told the E-Commerce Times. “Otherwise, I would be wondering whether there was something on the device that could lead to sensitive information.”

BlackBerry and Samsung offer different containers for personal and work data on their devices, but BYOD users may have other or older devices, Jonathan Sander, strategy and research officer at Stealthbits Technologies, pointed out.

Many organizations “want to roll out a one-size-fits-all solution, and these platform-specific features aren’t yet a part of it,” he told the E-Commerce Times.

Even if devices in an enterprise have such features, “many security folks don’t yet trust [them] and may still mandate a total wipe just in case,” Sander said.

Five million mobile devices were lost or stolen last year, according to Vasco Data Security spokesperson John Gunn.

The Best Things in Life Aren’t Free

When the BYOD phenomenon began gaining steam last year, it seemed like a win-win. Employers could cut costs because employees would bring in their own devices, while the employees would only have to carry one device and it would be the one they liked.

However, security issues and questions of privacy soon cropped up. Lost or stolen devices were a security threat, as were those that were not password-secured. Devices that hadn’t been deprovisioned when employees left the company or changed roles led to orphan accounts, a huge security headache.

“Employers are typically making employees opt in to these programs. If you want to use your personal device, you need to do it on the organization’s terms,” Sander said.

Employees could seek to take legal action when personal data was wiped, but the burden would be on them to prove that what they lost had more value than the risk their employer faced, which is a “tough burden,” he pointed out.

How Users Can Protect Themselves

“Just because you’ve given your employer the right to remotely wipe your device of all data doesn’t mean you’ll have to lose your favorite cat photos or that list of books you promised yourself that you’d read the next time you’re stranded on a desert island,” Scott Goldman, CEO of TextPower, told the E-Commerce Times. “Back up your personal contacts, photos and lists to your home computer.”

“Do not use your own device for your company,” Pierluigi Stella, CTO of Network Box USA, told the E-Commerce Times. “If your company wants you to work at 10 p.m., have them give you the tools to do so.”

Smart companies will teach employees how to set up automatic backup of their data, Vasco’s Gunn told the E-Commerce Times. “There will never be a good way for a company to explain [the loss of] the only remaining pictures of a deceased loved one.”

Richard Adhikari

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Richard Adhikari
More in BYOD

E-Commerce Times Channels