Support through your toughest HR challenges: A network of 285,000 HR professionals.
Shawn Premer shows how doing the right thing for employees leads to positive business results.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
With mobile use and data breaches rising, should employees be allowed to use their own devices
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
By the year 2016, studies show, most people will access the Internet from smartphones. Today employers are increasingly allowing their employees to do so from their own mobile devices, but should they?
According to Fortinet, a network security firm, 42 percent of Generation Y employees surveyed last year admitted they do not and will not follow corporate security guidelines when it comes to securing the personal mobile phones they use to access corporate data. What’s more, 14 percent say they won’t even tell management if their device has been compromised so their companies have the option of wiping sensitive data from the device.
What’s HR to do? After all, you can’t effectively monitor what you can’t control, experts say, so control may have to return to IT.
For more than a decade, employees have enjoyed improvements in technology that give them the flexibility of working remotely from mobile phones.
However, a mobile workforce of this nature creates new challenges for HR and IT, including safeguarding employer data, complying with regulations, and securing IT systems from malware or cybercriminal activity.
Last year, information technology research company Gartner predicted that the bring-your-own-device (BYOD) trend would accelerate, with mobile devices surpassing PCs as the most common way to access the Internet. By 2015, more than 80 percent of handsets will be smartphones, Gartner added. And, according to the Pew Research Center, by 2016, 8 billion people will access the Internet from a smartphone. Unfortunately, according to
Verizon’s most recent data breach report, the number of data breaches has risen from 400 in 2004 to more than 5,900 in 2013.
These trends present several key concerns every HR team should focus on, especially regarding mobile security, according to
A Mobile Workforce: The HR and Data Protection Challenges, a report recently released by Global Data Hub.
Chief among them:
With the workplace of the 21st century moving from the desktop to the most readily accessible USB port, the risk of data breaches has increased and monitoring becomes a complicated yet essential necessity, experts say. This is especially true where work-related activities and personal activities converge in e-mails, text messaging and the use of apps on cellular devices.
only way to secure corporate handheld devices “is to get it in your hands before pushing it out to the employee,” said Jeremy Ames, president of Hive Tech HR and a member of the Society for Human Resource Management’s (SHRM) Technology and HR Management Special Expertise Panel. “That way you can implement whatever security measures you need and control what applications are on the equipment.”
But what of those employees who use their own devices?
“HR must establish a policy detailing the do’s and don’ts of BYOD and look into creating a ‘private/work’ switch function on the device to help define usage parameters,” according to the report from Global Data Hub.
But is that enough?
“Data security violations are happening in almost every company at almost every moment,” said Ames. “When you check an e-mail on a plane, who is watching in the seat next to you? When you’re outside the company firewall, do you know who is trying to hack into your equipment? When you’re on a public network, how do you know your data is secure?”
In the confines of the traditional office where work stations are tethered to the company network, security measures and redundancies are in place to create a reasonably effective firewall against harmful activity.
Experts say it might not be a bad idea for employers to rethink letting employees access sensitive corporate data from their own devices.
Global Data Hub notes that allowing such use “will inevitably result in an increased risk of third-party access to sensitive corporate data.”
Adam Baer of Tech Electronics Inc., agreed.
“Generally speaking,” said Baer, the director of business development in IT, “these home-based devices are not as secure as their business-grade counterparts. This can be a result of the operating system used, the lack of security policies inherently placed in those devices, and the many other unsecure applications that reside on those same devices.”
Get a BYOD Policy Anyway
Sixty-five percent of HR department leaders recently surveyed stated their companies do
not have a policy in place that addresses personal electronic devices in the workplace, and 78 percent stated they have no immediate plans to implement such policies, according to AAIM Employers’ Association, a midwestern HR association.
AAIM CEO and president Phil Brandt believes this disparity represents “a bit of a Wild West mentality that finds technology moving faster than business.”
Whether they suspect employees are following the rules or not, companies need to know how employers are accessing corporate data. Policies are vital.
“It’s important to know how remote users are being connected to the company network and also the method in which the data is being stored,” Baer said, for a lot of reasons. “Extra logins may be required to enhance or add layers based on the sensitivity level of the data. Personal health records, for example, may require top-level security exclusive to a handful of employees.”
After all, by the time a breach is detected on a mobile phone, it may be too late—“at least for that mobile employee,” Ames said. “The bulk of the work that happens post-breach is to put in place the measures that should have been there in the first place, and to roll that out to all mobile employees.”
Leonard Webb is a freelance writer in Wyncote, Pa.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Talent Attraction Study: What Matters to the Modern Candidate
Choose from dozens of free webcasts on the most timely HR topics.
SHRM’s HR Vendor Directory contains over 3,200 companies