Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: Should Employers Ban Smartphones?

samzenpus posted about a year and a half ago | from the no-phone-for-you dept.

Businesses 510

An anonymous reader writes "Due to a concern that smartphones (and other electronic devices) could be infected with malware and used to spy on sensitive information, my employer has recently banned all personal electronic devices from their spaces. The concern comes from articles like this one. My question to slashdot readers: How reasonable is this concern? How can this sort of malware be prevented from showing up on our devices? Is there a way to educate employees about preventing this sort of thing rather than banning the devices altogether? This current reality is that people have started to rely on having their smartphones with them at all times for things such as receiving emergency calls from day cares and schools, making personal calls during normal working hours (i.e. to make doctor's appointments), accessing password managers, and scheduling calendar events."

cancel ×

510 comments

Sorry! There are no comments related to the filter you selected.

No persuasion required (5, Insightful)

Anonymous Coward | about a year and a half ago | (#42504973)

You have asked an audience that knows just how ingrained smartphones are to our everyday lives. The last half of your question is a "given."

The burden of proof is on the employer to show that no other mitigating measure can address the risks. Summarily banning child protecting, emergency-aleviating technology, not to mention the tools with which we coordinate the rest of our lives, is truly bad form and will bite the employer more often than they know.

If you are working with sensitive documents, these people will remove the camera from your iPhone for $20:
http://www.iresq.com/iphone-camera-removal.html [iresq.com]
Want to do the whole office? A 79 cent roll of electrical tape will do the trick.

The problems are solvable and worth solving. That management favors solutions that are simply a matter of writing policy, is in their nature, so don't sit in the dark and bitch, fix the bulb.

Re:No persuasion required (5, Insightful)

Anonymous Coward | about a year and a half ago | (#42505209)

The burden of proof is on the employer to show that no other mitigating measure can address the risks.

My current employer has banned all personal cellphones and personal laptops for some time. It is really not that hard to get around, and the burden is not on them to prove anything. You are paid to work and presumably want your job. If not having your pacifier with you at all times makes you that uncomfortable, find a different job. Or you can give out your work number for emergencies or set your cell phone to automatically forward calls during business hours to your desk phone. If you need to make a personal call that you do not want to/cant make from your desk line, go out to your car during lunch and make it.

That management favors solutions that are simply a matter of writing policy, is in their nature, so don't sit in the dark and bitch, fix the bulb.

So if a concern is the microphone on the phone you have no problem filling that with epoxy?

Re:No persuasion required (4, Insightful)

tepples (727027) | about a year and a half ago | (#42505227)

If you need to make a personal call that you do not want to/cant make from your desk line, go out to your car during lunch and make it.

What do you recommend for people who use public transit instead of driving to work?

Re:No persuasion required (-1)

Anonymous Coward | about a year and a half ago | (#42505297)

If you need to make a personal call that you do not want to/cant make from your desk line, go out to your car during lunch and make it.

What do you recommend for people who use public transit instead of driving to work?

Death

Re:No persuasion required (5, Funny)

Minwee (522556) | about a year and a half ago | (#42505345)

What do you recommend for people who use public transit instead of driving to work?

Death

I see that you work for the Muni.

Re:No persuasion required (0, Troll)

K. S. Kyosuke (729550) | about a year and a half ago | (#42505277)

My current employer has banned all personal cellphones and personal laptops for some time.

Of course, you don't need that sort of technology for flipping burgers.

Re:No persuasion required (1)

marcosdumay (620877) | about a year and a half ago | (#42505311)

You are paid to work and presumably want your job. If not having your pacifier with you at all times makes you that uncomfortable, find a different job.

Exactly. And if the company can't find anybody competent to fill your role, it's their problem.

The only thing wrong with this argument is that companies always go screamming to the government, asking for help.

Re:No persuasion required (0)

Anonymous Coward | about a year and a half ago | (#42505263)

They haven't banned phones, just smart phones (aka personal computers witht their own unregulated Internet connection) . Get a $10 prepaid phone and forward your calls during the day. Leave the smart phone in your car and go out there to make personal calls at lunch if the employer won't allow reasonable personal use of your work phone. Problem solved.

Re:No persuasion required (0, Flamebait)

jedidiah (1196) | about a year and a half ago | (#42505453)

Unless there are genuine state secrets lurking about the company, they really should have no right to be so intrusive. This is corporate feudalism at it's finest.

You corporate bootlickers are helping build a new Guilded Age.

Don't say you weren't warned.

Re:No persuasion required (1)

Anonymous Coward | about a year and a half ago | (#42505327)

Intel for a long time banned flash drives, cameras, PDAs, laptops, etc. Presumably this would also apply to smartphones and other devices today.

They were righteously worried about their trade secrets, designs, etc. making their way out into competitor's hands.

So basically, yeah, if your company has any serious trade secrets, technologies, etc. they're right and should be worried about other devices as well however their apparent reasoning is partially(at least) for the wrong concern.

Re:No persuasion required (4, Informative)

Monsieur Canard (766354) | about a year and a half ago | (#42505383)

My company does a lot of DoD work. The policy is: no personally owned electronics may connect to company assets. Ever. We can have personal smartphones (but no notebooks or tablets) as long as they do not have a functional camera. For Android phones the only option is to remove the camera or JBWeld over the lens. For my new iPhone the local AT&T store enabled restrictions on the camera with a password only they know and gave me a letter as such. That's good enough for our security folks. It's not a perfect situation as disabling the camera kills things like having Siri dial phone numbers for me (as apparently that somehow involves Facetime) but it's better than any sort of destruction. Plus I was able to get the camera un-disabled (yeah, I know) when I went on vacation for a week and then have it re-disabled.

Re:No persuasion required (5, Insightful)

PmanAce (1679902) | about a year and a half ago | (#42505447)

Summarily banning child protecting, emergency-aleviating technology

What happened to giving them your work place number like you know, your parents did? Children were just as safe before smart phones...

not to mention the tools with which we coordinate the rest of our lives

I don't agree with this at all. 10+ years ago we didn't use smart phones and we coordinated the rest of our lives just fine.

The problems are solvable and worth solving. That management favors solutions that are simply a matter of writing policy, is in their nature, so don't sit in the dark and bitch, fix the bulb.

I think management just wants you to do your job and not have you sit there browsing facebook on your phone, texting your friends or calling for appointments while you are getting paid.

Re:No persuasion required (0)

Anonymous Coward | about a year and a half ago | (#42505563)

I guess you're screwed if you work for, say, Nokia, Ericsson, Motorolla, Apple, Samsung...tell you what, you can buy 500000 desk phones for their employees...

No (4, Insightful)

Eightbitgnosis (1571875) | about a year and a half ago | (#42504999)

Would you ban laptops at work for the same reason?

Ban of outside laptops (5, Informative)

tepples (727027) | about a year and a half ago | (#42505089)

Would you ban laptops at work for the same reason?

A lot of businesses do in fact ban laptops that aren't company-owned.

Re:Ban of outside laptops (4, Insightful)

TubeSteak (669689) | about a year and a half ago | (#42505265)

A lot of businesses do in fact ban laptops that aren't company-owned.

Exactly. You have a work phone number in exactly the same way that you have a work computer.

I don't really think "but daycare and school" makes for a compelling argument.
They have your work number on file, let them use it.

All the other reasons listed are ones of convienence, not necessity.

Re:Ban of outside laptops (5, Informative)

Anonymous Coward | about a year and a half ago | (#42505469)

All the other reasons listed are ones of convienence, not necessity.

Almost certainly. That said, all employees expect a certain amount of convenience, which varies greatly by situation.

I'm an IT guy. If a company I worked for started with the, "no smartphones at work" thing just because they wanted to make sure they were getting every last second of productivity out of you, whilst working you overtime for no additional pay (as this rule will almost certainly be, every time), I'd add it to a list of reasons to go elsewhere.

As with most things, it's not necessarily one thing that makes you leave... it's a lot of things adding to employee dissatisfaction.

Re:No (3, Informative)

L4t3r4lu5 (1216702) | about a year and a half ago | (#42505167)

Personal laptops where the user has keys to the kingdom? Yes, those are banned. Laptops I have locked down and set to our our policies, provided by the company? No, they are allowed. The same applies to smartphones. Any further questions?

Re:No (4, Interesting)

jimbolauski (882977) | about a year and a half ago | (#42505435)

We allow personal laptops and smart phones but we have two internal networks one that is for the unclean and one for verified systems. The unclean network only allows access to to the internet and a few of our internal systems, email, calendars, and contacts, only stuff that is exposed to the outside all ready. Plugging in an unverified computer into the clean network will usually cause our IT guy to come find the person. I got dinged for that after plugging in a Micro-Controler board that was not recognized by the network in about 5 minutes.

Re:No (1)

serviscope_minor (664417) | about a year and a half ago | (#42505517)

I'm glad I've never worked for a company like that.

I've worked somewhere a tiny bit like that, but they were still allowed to give out everything except "sudo bash" access. The sysadmins knew that it was effectively equivalent. But they generally knew that anyone who could figure it out could root the machine anyway should they need to. So they stuck to the letter of the rules very closely.

And for some reason laptops didn't have the same rules as desktops. Neither did embedded kit. So I had one workstation with sudo access but no root access, two company laptops with root access (I installed ubuntu on one, the other shipped from Dell with ubuntu installed) and a bunch of random ARM linux boards on which I had root access.

Hideously locked down boxes are generally a developer's and engineer's nightmare and also pretty much prevent skunkworks projects from ever getting off the ground.

Execs (0)

Anonymous Coward | about a year and a half ago | (#42505007)

What? Are you telling me all the executives and C-level types can't show around their latest iPhones, Galaxies, BlackBerries, etc? Or does it just apply to the minions?

Device administration software (1)

tepples (727027) | about a year and a half ago | (#42505113)

I imagine that company-owned smartphones managed by the company's device administration software would be allowed, but no others. Upper-level management and phone sales staff would get these as a perk; those under them aren't supposed to be receiving personal calls on company time anyway.

Wow... guess I know who you voted for (-1, Flamebait)

SmallFurryCreature (593017) | about a year and a half ago | (#42505399)

So tell me, what is it like living in the 18th century? Ten to one odds you are going to get killed in a work related shooting and the jury will upon learning about you, release the shooter on grounds of justifiable homicide.

Meanwhile, in the modern world, work and private life are bound to intermingle and personal calls are perfectly acceptable if people do their jobs properly.

This issue (-1, Flamebait)

falcon5768 (629591) | about a year and a half ago | (#42505021)

Is why Android is banned for all but app developers at my work and the only smartphone OS you are permitted for general use is ATM IOS. And why once we roll out android support it will only be with a mdm solution.

Re:This issue (-1)

Anonymous Coward | about a year and a half ago | (#42505147)

considering how many times asstomouth ios has been owned through safari what's the point?

Dogfooding where everyone's an app tester (1)

tepples (727027) | about a year and a half ago | (#42505149)

Then why not add "app tester" to everyone's job title and call it dogfooding [wikipedia.org] ?

Suck it up. (2, Insightful)

gti_guy (875684) | about a year and a half ago | (#42505033)

Surprisingly smartphones have not been around forever and little Johnny & Sally still managed to make it thru daycare okay. If there's an EMERGENCY, outsiders can call your employer's main number and ask for you. You get paid to work, not deal with personal matters.

Re:Suck it up. (3, Insightful)

nospam007 (722110) | about a year and a half ago | (#42505099)

" You get paid to work, not deal with personal matters."

Amen brother!
This view illustrates that people at work are busy organizing their private lives, making doctor's appointments, calling family, brokers, schools, daycare, tweeting nonsense and updating their online presence and other crap instead of doing their fucking job and they apparently feel entitled to it.

Re:Suck it up. (5, Interesting)

Anonymous Coward | about a year and a half ago | (#42505181)

As long as my job pays me for every minute they intrude into my personal life or past the 8 hours a day I owe them, sounds fine with me.

If you make more than minimum wage (-1, Flamebait)

tepples (727027) | about a year and a half ago | (#42505247)

If you get paid more than minimum wage, then any salary in excess of minimum wage is adequate compensation for "intru[sion] [...] past the 8 hours a day I owe them".

Re:If you make more than minimum wage (3, Insightful)

Anonymous Coward | about a year and a half ago | (#42505541)

No, it most certainly is not. Salary negotiated by both parties is indeed enough compensation because you were involved in its negotiation. The number of hours per week you owe to your employer is part of your employment contract. Beyond that contract is not covered and therefore NOT COVERED. I am happy to go above and beyond for a company I enjoy working for, but my rights are my rights.

Re:Suck it up. (1)

Anonymous Coward | about a year and a half ago | (#42505365)

Then learn how to manage your time better - it's not your company's job to do it for you.

If they intrude into your personal life past the agreed-upon hours you're supposed to work, then ask your boss to establish an on-call rotation (with additional flexibility built into your schedule for the time(s) when you're on call), or work out a comp time arrangement with your boss, where if you need to work an hour in the afternoon, you're able to shave an hour off another day later in the week.

If you don't ask for it, they'll gladly take it. Stop giving it to them for free, and you'll be surprised at how flexible most managers will be. You see, they have lives and families and things to do outside work, too - they understand the issue - but if you don't bring it up, they're sure not going to.

Re:Suck it up. (0)

Anonymous Coward | about a year and a half ago | (#42505521)

no. you'll do/get what you contracted for.

just like everyone else. don't like it? get another job.

Re:Suck it up. (0)

Anonymous Coward | about a year and a half ago | (#42505537)

You know they don't. This "YUO PAID TO WORK" bullshit is always one-way street, and usually emanates from the mouths of sociopaths.

Re:Suck it up. (2, Insightful)

Anonymous Coward | about a year and a half ago | (#42505397)

No, I'm on salary. I get paid to make my skills available to my employer and complete the work I need to do. If you want to pull that bullshit you make me hourly, and do not bother me outside the 9-5 unless you want me to bill you for it. Oh, and expect the additional annoyance from me like reimbursement for all the home electrical power being used to charge your company cellphone and run my company laptop. Ditto for ISP charges.

Asshat.

Re:Suck it up. (1)

jimbolauski (882977) | about a year and a half ago | (#42505461)

" You get paid to work, not deal with personal matters."

Amen brother! This view illustrates that people at work are busy organizing their private lives, making doctor's appointments, calling family, brokers, schools, daycare, tweeting nonsense and updating their online presence and other crap instead of doing their fucking job and they apparently feel entitled to it.

Your forgot /.

Re:Suck it up. (0)

Anonymous Coward | about a year and a half ago | (#42505133)

And besides that: Teachers and daycare professionals will like the fact that they have your work and home phone number and not just a mobile number that may or may not work depending on whether the phone is on, you've paid your bills, you have wireless reception, etc. And if you are tech savvy you can always redirect calls from your home landline number to your mobile phone or your office phone (provided that you have your own phone at work). In other words: No problem here really.

Re:Suck it up. (2)

slackware 3.6 (2524328) | about a year and a half ago | (#42505135)

My daycare insists on my work number or I can't drop the kids off. I think making personal calls or text msging is the big problem. If you need to make a doctor apointment you can easily do that from your desk. Where I work I can bring whatever phone I want but half the time there is no cell service anyway.

Re:Suck it up. (0)

Anonymous Coward | about a year and a half ago | (#42505137)

For those of us whose kids have special medical issues, it's critical. Most schools no longer have nurses on full-time staff, they delegate daytime medical support to lightly trained and much less expensive staff, and rely intensively on contacting the parents for anything critical.

If you tell me that I can't have a smart phone, or at least a phone capable of paging and email for my highly allergic and seizure prone son, I will have my union climbing up your management's asshole with a claw hammer. Forbidding phone use while operating equipment, fine, I can live with that. But I need to guide the school's medical staff on how to handle my son's very occasional emergencies.

Re:Suck it up. (2)

gagol (583737) | about a year and a half ago | (#42505307)

So, your workplace have no phone? I always had a phone on my desk.

Get out much? (0, Informative)

Anonymous Coward | about a year and a half ago | (#42505449)

EVERY worker does not have "a desk", in fact less than 10% of the workers at my present workplace do NOT have "a desk", they have toolboxes on wheels.

Your experience does NOT define ALL reality.

GET OVER YOURSELF!

Re:Suck it up. (1)

Arkham (10779) | about a year and a half ago | (#42505501)

So, your workplace have no phone? I always had a phone on my desk.

Welcome to 1992. The last three companies I worked for (AT&T, Nokia, and a startup) did not have desk phones. They're dinosaurs.

Re:Suck it up. (1)

jordanjay29 (1298951) | about a year and a half ago | (#42505533)

Not everyone works at a desk.

Actually... (1)

dubdays (410710) | about a year and a half ago | (#42505293)

A lot of people I know are using their personal smartphones for work, including me. Check on a server, bring up an app. Check out the WiFi, bring up another app. I have tons of apps on my personal phone that have saved countless hours diagnosing issues

Fact is, an awful lot of employers should be kissing our asses for using our own personal devices to be more productive at work.

Re:Suck it up. (2)

Jason Levine (196982) | about a year and a half ago | (#42505317)

Question: Did you post that response on Slashdot from work?

Re:Suck it up. (3, Insightful)

K. S. Kyosuke (729550) | about a year and a half ago | (#42505353)

Surprisingly smartphones have not been around forever and little Johnny & Sally still managed to make it thru daycare okay.

You make it sound as if the advent of smartphones was the only thing that changed since the fifties. Guess what, people are now required to be "time flexible", and I guess the society changed in many other ways that make it desirable to be reachable.

If there's an EMERGENCY, outsiders can call your employer's main number and ask for you. You get paid to work, not deal with personal matters.

And that switch to the desk phone makes that call somehow...impersonal?

Re:Suck it up. (2, Informative)

Anonymous Coward | about a year and a half ago | (#42505389)

surprisingly, brains have not been around forever and your great^1023 ancestors
got along just fine with no brains at all. they just used basic metabolic pathways.

c'mon. life moves on. eventually you'll have to change too, our become a
dinosaur.

What a good little slave you are (4, Insightful)

SmallFurryCreature (593017) | about a year and a half ago | (#42505535)

My god, this attitude is amazing, what primitive part of the world did you grow up in? Most normal employers realize that work and private live are not so easily seperated and simply allow the two to intertwine. If I ask someone to stay late because of deadlines, can I then deny them time to make calls during office hours to arrange private things? Hell, this must be an American thing. Do you also object to people using the company printer?

Of course, normal people realize there is a line, you can print out a form, your CV is a bit touchy and you do NOT print out a thousand copies of your novel but come on!

If your tried that master slave attitude in Europe, you would find yourself soon with no employees left.

Unless there is a VERY real need for security, everyone carries a mobile phone with them in Europe. The idea you shouldn't answer a personal call during office hours is just so 19th century. Come on, join us in the future, we got cookies!

Ten to one this gti_guy doesn't have a job, lives in a trailer on government assistance and whines about all those leeches living of the state.

People good enough at their job to have one know they are valuable and companies are willing to keep them happy.

No (0)

Anonymous Coward | about a year and a half ago | (#42505047)

Don't ban smartphones completely, obviously, unless you are working on extremely sensitive stuff or something. I think the more interesting question is apart from providing basic guidelines of what to do and what not to do and have some page with some helpful security tips, shouldn't an employer be able to expect that folks will be smart and not put un-reliable apps on their smart phones? The issue in the article above is the same problem one can have with laptops with webcams right? Or am I missing something here?

what about people in the feild who use them for wo (2)

Joe_Dragon (2206452) | about a year and a half ago | (#42505049)

what about people in the field who use them for work???

also useing a smart phone is cheaper then cell phone + data card in a laptop.

Re:what about people in the feild who use them for (3, Informative)

L4t3r4lu5 (1216702) | about a year and a half ago | (#42505243)

People in the field would have a device provided by the company, because the employee would be billing back all related expenditure (data and voice) to the company anyway. That device would be locked down by the IT dept; Both Android and iPhone support device policies and central management now, and BlackBerry was designed for this use.

Re:what about people in the feild who use them for (1)

mindcandy (1252124) | about a year and a half ago | (#42505245)

Then it's a company-issued phone with company-controlled software. That means no angry birds or other goofing-off apps.
If you're allowing BYOD for company use you're asking for problems, but that too is manageable with the proper software containerization.

Re:what about people in the feild who use them for (-1)

Anonymous Coward | about a year and a half ago | (#42505279)

Do you have a subhuman IQ? The ban was for smartphones in their working space within the employer's building. Is reading comprehension a skill you never learned?

Excuses, excuses (0, Flamebait)

petteyg359 (1847514) | about a year and a half ago | (#42505067)

This current reality is that people have started to rely on having their smartphones with them at all times for things such as receiving emergency calls from day cares and schools, making personal calls during normal working hours

Guess what? Your normal "dumb" phone can do that.

accessing password managers

Really? Surely your employer will allow you to install the damn thing on your work computer.

and scheduling calendar events

Ever heard of this old invention called "paper"? They put a bunch of sheets together, draw grids and numbers and month names on them, and call it a "calendar". If you're really desperate, perhaps you could use the internet access your employer provides to access your Google calendar on your work computer.

Verizon and Sprint do not use CSIM (1)

tepples (727027) | about a year and a half ago | (#42505203)

Guess what? Your normal "dumb" phone can do that.

Only in countries where it is common practice to share one SIM between two different phones, a "dumb" phone carried to work and a smartphone used elsewhere. In the United States, on the other hand, Verizon, Sprint, and MVNOs using either of their networks do not use CSIM cards; instead, they program the subscriber identity directly into the handset.

What kind of workplace is this? (1)

Anonymous Coward | about a year and a half ago | (#42505069)

If its a nuclear weapons research facility then this isn't that unreasonable.
If its just some normall business then its typical over reaction!

Re:What kind of workplace is this? (0)

jedidiah (1196) | about a year and a half ago | (#42505569)

This is just a manifestation of the 19th century mentality that you should thank the robber baron for the job they have consented to give to you and that you should just accept any bullshit they heap on you and never complain.

It's just the current anti-labor mentality applied to personal technology.

Absolutely not (disclaimer within) (0)

Anonymous Coward | about a year and a half ago | (#42505079)

My vote is strongly in the 'no' camp. There are other things I use my phone for while I'm working, like listening to music.

In some very secure areas, like what we have where I work (where banking/financial things are processed), I would say yes. Not so much for the malware, but other information-gathering methods, like cameras and whatnot, that can be used to simply record data on screen.

Betteridge's law of headlines. (2)

Raven42rac (448205) | about a year and a half ago | (#42505083)

Someone has to say it, may as well be me. What is this MSN?

Re:Betteridge's law of headlines. (1)

Rob the Bold (788862) | about a year and a half ago | (#42505121)

Someone has to say it, may as well be me. What is this MSN?

Nope. It's a serious news source: The Washington . . . Oh, wait. Nevermind.

Re:Betteridge's law of headlines. (1)

asylumx (881307) | about a year and a half ago | (#42505429)

What is this MSN?

No, but this is "Ask Slashdot" (ask.slashdot.com) -- I do expect the headline to contain a question and the answer to not always be "no."

I read something about... (3, Insightful)

alphatel (1450715) | about a year and a half ago | (#42505091)

Anything that can breach security in a government setting is worth withholding indefinitely until a practical policy can be approved which reduces risk to near zero.
For unrelated/unregulated industries, this approach is unreliable, impractical, unprofitable, and let's face it, just plain stupid.

Re:I read something about... (0)

Anonymous Coward | about a year and a half ago | (#42505409)

Anything that can breach security in a government setting is worth withholding indefinitely until a practical policy can be approved which reduces risk to near zero.
For unrelated/unregulated industries, this approach is unreliable, impractical, unprofitable, and let's face it, just plain stupid.

Are there still unregulated industries left?

ofcours (2)

Kkloe (2751395) | about a year and a half ago | (#42505093)

if the company provides a suitable phone as an alternative and doesnt cost the employee, its called having a work phone and its the employers responsibility to make sure whatever phones they allow that to be secured in the proper way if needed

Key Logger (1)

whitedsepdivine (1491991) | about a year and a half ago | (#42505107)

There has been many projects that use statistics to create a remote key logger based off of sound or vibrations picked up by the acceleration of the phone. The sound and vibration in the table you make by typing actually can be used to figure out to a high accuracy what you typed. Meaning a virus in your phone could figure out where you work and your passwords. But also, they could use lasers to measure the vibration of the window to pick up the sound waves. Your screwed either way.

Depends on how they are used (0)

Anonymous Coward | about a year and a half ago | (#42505117)

It entirely depends on how the devices are used. If it is BYOD scenario then education and anti-virus should be the norm.
If the devices are not attached the the corporate network then there is really no issue.

depends where you work (3, Insightful)

alen (225700) | about a year and a half ago | (#42505129)

if you work in a sensitive area then expect high security
if you work for a US GOVERNMENT agency around classified information then you're probably following these rules already
if you work in a start up with cool tech you might expect something like this

if you work in your average workplace no one is going to care

How reasonable is this concern? (4, Informative)

spikenerd (642677) | about a year and a half ago | (#42505141)

How reasonable is this concern?

Very reasonable, if your employer is a CA. Not at all reasonable if your employer sells hubcaps. Need more info.

How can this sort of malware be prevented?

Educate employees. (But your next question shows that you already know this.)

Is there a way to educate employees...?

Yes. Employees are not algorithms. That's why we employ them instead of just computers.

This current reality is that people have started to rely on having their smartphones...

Yes, if you want effective employees, you should allow them to use their brains, as well as extensions that make them more effective.

Do you have any questions that lack obvious answers--perhaps something worth discussing in a forum?

Certainly in some contexts (0)

Anonymous Coward | about a year and a half ago | (#42505159)

Researchers from the U.S. Naval Surface Warfare Center have developed malicious software that can remotely seize control of the camera on an infected smartphone and employ it to spy

Is your organization one that would likely be the target of a reconnaissance attack by the US Navy? If so, then yes smartphone use should probably be limited because it appears that they have some pretty slick malware at their disposal. If not, then for fuck's sake get a grip. If you don't trust your employees enough to neither keep their phones relatively malware-free AND to not point them at sensitive things (never point a camera at something you wouldn't want anyone else to see, just like you never point a gun at something you wouldn't want to shoot) then you probably need to find new employees (or work on your trust issues).

Re:Certainly in some contexts (1)

Anonymous Coward | about a year and a half ago | (#42505467)

The Navy showed that it can be done. Presumably, the same could be accomplished by foreign governments, corporations, and even individuals.

There are solutions, and the users would complain (2)

morcego (260031) | about a year and a half ago | (#42505163)

It is entirely possible to allow employees to have their smartphones and even notebooks, while keeping them isolated from the company's main network. I did this once for a client. It is not trivial but it is also not magic.

However, after some time, the complain about people not being able to use those equipments to have full access started piling up, to a point it was decided it would be a lesser problem just to ban them.

What people need to understand is that they are inside a company, not their homes. Yes, it can be interesting to the company to allow some accept and freedom, thus improving morale and productivity, but controls are needed, both for security and legal reasons. That is unaccepted to enough people to make it not worthy for the companies to implement.
 

Email/calendars in the corporate world (2)

relikx (1266746) | about a year and a half ago | (#42505165)

Yes, these functions can be easily taken care of with a laptop. However with the constant shuffling from meeting to meeting many times the phone often becomes the go-to device when away from the desk. When away from the office, communications in the evening, over the weekends, etc. are becoming increasingly more prevalent.

This brings up the entire philosophical debate on how much more (or less) productive everything makes people who now no longer have the luxury of checking out, having a singular focus, is forced to multitask, etc. but the greater point is if the expectations are for the constant connectivity of employees in a workplace then you have to take the good with the bad.

Paid to WORK (1)

mindcandy (1252124) | about a year and a half ago | (#42505185)

Is it reasonable? .. absolutely.
I routinely visit a location like this .. when you go through the metal detector/xray if they see a phone (or anything else with a microphone/camera) it gets confiscated and you get it back when you leave. I don't have any issue with this at all.

You're forgetting that you're being paid to WORK .. not attend to personal matters. You have a phone on your desk, don't you? .. I'm fairly certain that in an emergency, someone can call the main number of your employer and say "this is X's daycare, Y just fell down the steps .. we need to speak with Z immediately" and you'll get the call. Remember .. kids survived just fine before cellphones and Google calendar.

The malware concern is legitimate as well .. while it might be technically feasible to create separate networks or require MDM middleware for BYOD it's easier for them to just say "leave it in the car". Think about it .. a simple app can turn your smartphone into a GSM->Wifi bridge, webcam, remote bug, etc. Heck, just this week we reprogrammed a old Android phone and stuck it in a plant to catch somebody stealing out of the office fridge.

Re:Paid to WORK (1)

Anonymous Coward | about a year and a half ago | (#42505381)

You're forgetting that you're being paid to WORK .. not attend to personal matters.
Ok, I'll stay until 5:03 this evening to make up for the time I spent taking that phone call.

Re:Paid to WORK (0)

Anonymous Coward | about a year and a half ago | (#42505489)

So ... I take it your company pays overtime for any additional minute of work past 5pm, right?

It Depends... (3, Interesting)

IonOtter (629215) | about a year and a half ago | (#42505197)

If you're working on material or systems that are classified, or something akin to the iPhone 6, then yeah. Letting *any* communications device into the work area is a very bad idea. You are being targeted. Probably very specifically, too.

If you're not working on anything of that nature, then probably not. Who cares if anyone sees the inside of your office? Or hears you talking sports scores? It's creepy as Hell, and you should probably be more worried about the fact that someone is mucking around inside your phone, listening to you.

The exception to this, is when you walk by some moron's desk, and they have their smartphone plugged into the USB port of the computer, MOUNTED AS A HARD DRIVE.

A computer which is inside the company firewall.

Sometimes, you just have to assume the lowest common denominator, because convenience in listening to an MP3 collection will always trump common sense.

I'm not allowed to have ANY cell phone (0)

Anonymous Coward | about a year and a half ago | (#42505213)

I work in pharmaceutical research. Policy is no cell phone at all, not laptop. No electronics go in and none go out.

Back a few decades ago .... (5, Insightful)

PPH (736903) | about a year and a half ago | (#42505219)

... when I worked for Boeing, this was their company policy. No cameras, radios, or recording devices were allowed on company property. Although this was necessary in areas where classified DoD work was being done, they just applied this policy to all facilities. As cell phones and PDAs with cameras andd recording capabilities became commonplace, they pretty much gave up on enforcing the 'no devices allowed' rule (probably still in force in actual secure areas).

I would consider them (Boeing) and others in their line of business to have about the most conservative position on such technology. Seeing as how they have pretty much given up on such rules, I don't see how any other employers expect to get away with them.

Also, if employees are going to steal proprietary data (for which I'm sure there is a company policy prohibiting said activity), sneaking a camera, USB drive or whatever onto the property in violation of rules is not going to be a deterrent.

YES (-1)

Anonymous Coward | about a year and a half ago | (#42505225)

Next question.

It is VERY important to allow this (-1)

Anonymous Coward | about a year and a half ago | (#42505229)

It's how Batman defeats the Joker.

Good luck (4, Insightful)

ironicsky (569792) | about a year and a half ago | (#42505231)

If, after 20+ years of personal computers we still can't stop people from accidentally downloading malware, good luck preventing it on smart phones and other portable devices. The problem is, and always will be, the ignorance of the user.

Re:Good luck (2)

PPH (736903) | about a year and a half ago | (#42505249)

Bring your cell phone to work. Just don't connect it to the company network.

Re:Good luck (0)

Anonymous Coward | about a year and a half ago | (#42505351)

or better yet, don't have a company network.

BYOND - Bring Your Own Network & Device

Re:Good luck (0)

Anonymous Coward | about a year and a half ago | (#42505509)

If, after 20+ years of personal computers we still can't stop people from accidentally downloading malware, good luck preventing it on smart phones and other portable devices.

Well, this sort of thing is trivial with the blackberry platform.

Many very smart people at Research in Motion have thought long & hard about how to secure mobile devices & communications from end to end.

It's kind of sad that most people don't care and would rather have an iphone/android that makes it trivially easy for a rogue app to steal all your information.

Re:Good luck (0)

Anonymous Coward | about a year and a half ago | (#42505519)

iOS has been around for at least six years, and there has been -zero- issues of malware on the platform with regards to non-jailbroken devices. Were I worried, I'd make a profile that is pushed to devices if they want to connect, force iOS 6 and either iPhone 4S or 5, and be done with it. With an OS that has demonstrated 100% security in the field, I'm not really worried. Android, on the other hand, I'd not let near any network of any value.

Re:Good luck (1)

Thyamine (531612) | about a year and a half ago | (#42505575)

Exactly my thought. People can't protect their workstations, so how is the phone the problem? If people are going to steal data or download malware, it will happen regardless of lack of intent or rules preventing devices.

And yes, I'm being paid to work, but since I also expected to have a smart phone to respond to emails/calls after hours, I expect to have the same applied to family/personal issues during business hours.

Start with iphone users first (-1)

Anonymous Coward | about a year and a half ago | (#42505253)

Since only morons would by shiny toys like iphone, you better get rid of iphone users before they bring your company down. Start with firing all employee with iphones and then worry about the technological threat.

Not just malware that is an issue (5, Informative)

oobayly (1056050) | about a year and a half ago | (#42505323)

We were have some pretty bizarre network problems in our office one day - some machines were able to connect to our db server whilst some couldn't, and other could intermittently. Long story short*, somebody's smartphone (Android in this case) was responding to ARP requests (requesting the MAC of the server) even though it was showing its IP address as being assigned by DHCP. I reckon its previous IP on the user's home network was the same as our server, and for some reason kept answering to them.

*Once I realised that packets didn't seem to be making it to the server (pings were intermittent), it dawned upon me to check the ARP tables on the clients. Looking up the manufacturer of the MAC address didn't immediately help as I didn't recognise the name, though I assumed it was a phone. At that stage I wasted time looking through all the phones looking for an IP address conflict (bad assumption). Finally looked up the DHCP leases for the offending MAC, found it's current IP (no hostname was provided by the client), found the offending phone, and very nearly shoved it the arse of the owner.

People are thinking of things wrong (1)

RobertLTux (260313) | about a year and a half ago | (#42505349)

1 you don't have a "cell phone" you have a Mobile Computing Device (that does phone calls)

2 you don't have to be connected to your personal/business world 24/7/52

for the lower end get a metal box of some sort line it with paper and then for a few hours a week put your MCP in the box and CLOSE it

for the 1% folks get somebody to line an old cigar box with metal and then silk and a few hours a month put your MCP in the box and close it.

and no but then BYOD policies are STUPID if your business requires cells/MCPs then ISSUE THEM

Don't connect to the company network (2)

Rastl (955935) | about a year and a half ago | (#42505357)

It's that simple. Buy a wall charger (if you need to charge the phone during the day) and keep the thing completely off the grid at work. There's no way I would connect a storage device to my company network. They tend to frown on that kind of thing.

So where's the problem?

As ye reap (2)

Amorymeltzer (1213818) | about a year and a half ago | (#42505369)

Is it fair? Sure. But if they want to ban your phone in their office, politely tell them you are quite fairly banning their office on your phone. No work after 5, no emails over the weekend, no contact over holidays; that stick goes both ways and if you can't bring your life to work you shouldn't have to bring your work into your life.

Re:As ye reap (1)

zacherynuk (2782105) | about a year and a half ago | (#42505483)

Oooh I like this sentiment. If only life was so black and white!

Wifi (1)

zacherynuk (2782105) | about a year and a half ago | (#42505375)

A properly managed wifi infrastructure should mitigate most of the concerns.
We normally roll out Internal, Internal Limited Access (eg to internal mail gateway or intranet only for pool devices) and Guest wifi AP’s.
Phones, tablets and non corporate-controlled notebooks get guest AP access only, so that any internal access is through normal firewalled routes. All wifi access is via firewalled connections, even internal.

Good luck (0)

Anonymous Coward | about a year and a half ago | (#42505417)

Good luck getting smart/skilled people to work for you -- anyone with half a brain (and/or a shred of self-respect) wouldn't subject themselves to such a workplace for half of their waking hours.

Only the IT department... (1)

Sir_Eptishous (873977) | about a year and a half ago | (#42505419)

should be allowed the use of smartphones.

This pisses me off (0)

Anonymous Coward | about a year and a half ago | (#42505421)

The assumption that you can't just leave your smartphone in your car is absurd.

This current reality is that people have started to rely on having their smartphones with them at all times for things such as receiving emergency calls from day cares and schools

If only you had a phone at your desk and work and could give out this "work number" like people have been doing for about, oh, a hundred years?

making personal calls during normal working hours (i.e. to make doctor's appointments)

Pick up the phone at your desk and dial.

accessing password managers

This is pretty absurd. There's a few million people in this world who don't require a password manager on their PERSONAL PHONE.

and scheduling calendar events

Jesus H Christ, get off facebook and get back to work. What is this world coming to.

The Galactica... (-1)

Anonymous Coward | about a year and a half ago | (#42505427)

was one of only two military ships to survive the Cylon invasion.

Ban cell phones (1)

cod3r_ (2031620) | about a year and a half ago | (#42505491)

If you are going to ban cell phones ban them. Don't single out "smart phones" that to me just seems silly. A lot of jobs probably require to some degree that people have their cell phones though, but we are entering an era where there will be nothing but smart phones. An exercise in futility to ban them I'd say.

MobileIron (4, Interesting)

hagrin (896731) | about a year and a half ago | (#42505527)

We are actually in the midst of going through something similar at my company (a very open, not secretive environmental firm). We recognized through employee surveillance and traffic logs that cell phones were a huge security risk at our firm and the decision was made to control as much as we could while still maintaining our "Mom & Pop" company feel.

We switched all of our cell phones from one carrier to ATT and we purchased the MobileIron software (VPS and Sentry) to control all the aspects of the company phones that enter our buildings. In addition, for the people who chose the monthly subsidy as opposed to a company phone, we prevent them from getting WiFi access from within our offices as best we can (MAC whitelisting isn't foolproof but helps with 99% of our users). We don't allow the non-company provided phones to work if they are plugged into workstations via USB cable. With MobileIron I can control basically every aspect of their smartphones including camera control, data usage, app installs, etc.

Now, we don't have this fully running in production yet so I can't comment on the pitfalls I'm sure to face, but the short answer is workplaces don't necessarily need to ban smartphones as that could actually cripple some business processes; however, they are definitely a security threat that need to be managed just like other corporate and employee owned devices.

Back in the Day (0)

Anonymous Coward | about a year and a half ago | (#42505543)

Enron used to keep their fax machines locked up to prevent "espionage". Of course, we all know why they did that.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>