Does MDM Threaten Employee Privacy?

Does MDM Threaten Employee Privacy?

For years, the concept of bring your own device (BYOD) into the workplace has integrated into most offices. It’s hard to imagine a world where an office employee doesn’t pick up their personal phone or tablet to perform some needed task. But even the smallest of tasks can be damaging to an organization. Even the smallest misstep can have a disastrous impact.

Which is how Mobile Device Management (MDM) solutions were born.

But are they the right solution for your company?

MDM solutions can be scary for an employee. To install something that allows their employer to have complete visibility into their actions at the click of a button can leave them worrying about privacy issues. And once the solution is installed, there is little to indicate that monitoring is taking place. How do you ensure you are doing all you can to secure your company’s data without infringing on your employee’s privacy rights?

One of MDM’s biggest selling points is also the one thing ripe for abuse: the ability to monitor all incoming and outbound traffic. With an MDM solution, security can visibly see all emails, browser searches, personal information such as passwords, and more. This means if an employee uses a computer to do what they might consider to be personal activities, such as accessing personal health information, searching Amazon for a product, or viewing financial or political information, it could be held and used against them at some point in the future.

And it isn’t just what an employee accesses. It can also include what apps an employee downloads. While this may seem innocent, it gives an organization the ability to track what an employee does even in their personal time. It can lead to building a detailed profile of employee behavior. All of a sudden, an organization can see what sports teams a person follows, what dating sites they use regularly, or what news organization they access on a daily basis.

And because smart devices are attached to geotracking, MDM solutions can also be used to determine employee locations 24/7. This capability has the potential to record far more damaging information than merely finding a phone if it’s lost.

Employees expect freedom to use their phones and tablets as they see fit, especially during non-working hours. But do simple security measures such as PIN codes and disk encryption offer enough security to protect a company’s information?

What’s your policy on BYOD and MDM?

Hate BYOD? CYOD May Be The Answer

Hate BYOD? CYOD May Be The Answer

At first glance, there appears to be little difference between the concepts of “bring your own device” BYOD and “choose your own device” CYOD. Yet as you begin to marry the concepts of productivity and security together, it becomes apparent that certain guidelines have to be in place to keep efficiencies within the workplace.

In a BYOD environment, individuals already have their own personal devices. They’ve purchased them, use them, are comfortable with them, so it makes sense to allow them to incorporate work-related apps and programs to make getting down to business even easier. Still, keeping policies in place to keep every type of device safe is nearly impossible, and only around 44 percent of employees regularly think about their responsibility to protect corporate information on their personal devices.

To eliminate some of the variability, a CYOD policy may be a better option.

With CYOD, employees choose from a list of preapproved devices. This gives the IT department the opportunity to understand each system, select appropriate security products, and have administrator, firewall and network settings that can quickly be loaded on the device.

It is important to offer variety to ensure employee buy-in, selecting many of the top products already used in the general population.

Choose products and devices focused on responsiveness and productivity. Asking employees before the final selection is made can open up the playing field to concepts that are already in play. Then test products as an end user, making sure they work in a satisfactory way for both production and security.

Realize you may need several approaches to security to keep all information secure. Operating systems have different characteristics, different needs. Choosing popular products and designs can ensure you the largest selection of security measures that fit your needs, making integration and compliance that much easier.

Also, remember to assemble the right team to set up, implement and maintain the process from beginning to end. Anyone with a vested interest – from IT, to legal, to HR – should guide the most important requirements to ensure needs and desires meet expectations and reality.

If we can help you implement the process and make it smoother for your organization’s transition, give us a call.

How To Establish A Successful Bring Your Own Device Policy

How To Establish A Successful Bring Your Own Device Policy

By the end of 2015, it is predicted that well over 2 billion smartphones and 1 billion tablets will be used on a regular basis throughout the world. And if you look around your office, chances are the majority of your employees have at least one of these devices of their own sitting on their desks or tucked away in their pockets.

Connectivity is alive and well all across America. We want to stay in touch with our spouses and our kids. We want to check in with our personal email accounts to make plans for the weekend. We have lives outside of the office, and we’re not afraid to connect the two together while we’re sitting at our desks.How To Establish A Successful Bring Your Own Device Policy

Yet with that much connectivity, where are the lines drawn? What if an employee loads a corporate email or contact system on to their own device? What if they find as much use for their tablets with work platforms as they do with their favorite e-reader?

Do you have a Bring Your Own Device (BYOD) policy in place?

If not, there are a few things you should consider as you develop a policy for what’s acceptable … and what’s not.

What devices are permitted?
It’s no longer a world of one or two choices with smart technology. Between iOS, Android, phones and tablets, there are many options for a consumer to choose from. They all have different operating systems, different applications … and different risks. If you will allow employees to use their own devices for work related applications, which devices and systems will you support? Be sure to have a clear list of what an employee can use on company time, and how best to get the support they need when questions arise.

Establish a security policy for all devices
If an employee chooses to use a personal device for work related tasks, make sure they understand that all devices used must follow security guidelines. That includes lock screens and passwords to access important data. It also means updating the device with the latest technology, and possibly downloading specific security systems to ensure data safety.

A whole industry has developed around securing and enforcing policies on mobile devices.  The technology is commonly referred to as Mobile Device Management (MDM), and there are many pros/cons to each of the MDM platforms, as well as significant price variations.

Define your service policy
As an employee begins loading company applications and programs to their personal devices, it’s a natural progression for problems to occur. When things don’t download properly, or they have trouble accessing company data, where do they go for support? Be clear in your service policy where boundaries are set, what you will cover, and what will remain a personal challenge. The last thing you need is to have your help desk inundated with personal tech problems.

Clearly define who owns what
In the beginning, it’s easy to keep work and personal related apps separate. But as months or even years go by, the lines tend to blur. The two intermix, and before long an employee is using company apps to control everything in their lives. Company calendars list both personal and work related events, and emails consistently begin to cross the line. And that’s only the beginning.

But what happens when an employee quits? What happens to the apps and data at that point? Who is in charge of wiping the data clean? And what happens when an employee isn’t happy when personal items like photos, music and personal apps disappear in the wiping process? Make sure your BYOD policy covers every detail and makes it clear the process that will occur during the final days of employment. It may also be good to remind employees periodically so they can prepare as part of the process.