BYOD: Like inviting your boss into your house when you're not home

BYOD: Like inviting your boss into your house when you're not home

Summary: The Bring Your Own Device (BYOD) movement is gaining traction, but before you bring your phone to work you'd better think it through.


On the surface, being able to use your beloved smartphone for both personal and work activities sounds like a good idea. For many, not having to use two different phones is reward enough, and others find it a blessing not having to use a work phone running a platform they don't like. As compelling as BYOD may be, it's not without exposure.

When you have a phone assigned by your employer you know it's for work and nothing else. You've been warned not to make personal calls, use the phone for personal email, etc. You don't play around with the work phone, that's restricted to your personal phone.

Don't miss the special feature: BYOD and the Consumerization of IT

Once you bring your personal phone to work as part of a BYOD program, all of that changes even though it may not be obvious. It may seem like it's your own phone, and technically it is, but with the employer involved that's not quite true.

The only way to protect yourself is don't keep any personal stuff on your BYOD phone. That may defeat the purpose of using your own phone for work but that's the harsh reality.

Your BYOD phone may be set up by your employer to have your personal stuff separate from your work stuff which is good. You should be able to take photos, install and use apps, along with other activities you'd do on your phone without BYOD participation.

What you must realize is that your employer may insist at some point to scrutinize what's on your BYOD phone. Perhaps there's a rumor that an employee is grabbing company information, or that someone is snapping photos of sensitive things in the office. Maybe your company simply wants to update your work apps or settings.

Whatever the reason, it's not outside the realm of possibility that one day your employer may analyze the information on your phone. Yes, it's your personal phone but the BYOD situation means it's also the same as a work-provided phone.

Maybe it's not a big deal if your boss asks you to hand your phone over, but it still won't be a comfortable situation. What personal photos have you taken that reside on the phone? What intimate text messages have you exchanged with your spouse? You get the picture. It would be sort of like inviting your boss to your home when you're not there. What might he find snooping around your hacienda?

It's not just phones, either. Some folks are taking tablets to work and those may expose even more personal data. Tablet owners usually surf the web more heavily on a tablet than a phone. What would your boss see if your web history was analyzed?

The only way to protect yourself is don't keep any personal stuff on your BYOD phone. That may defeat the purpose of using your own phone for work but that's the harsh reality. Don't keep any photos on the phone. Don't keep any communications of any kind that you don't want your employer to see. The rules change when you use your own phone for work.

The fact is even innocuous things on your phone could get you in a world of trouble if your employer saw them. That photo you took of your buddies after a few too many in the local pub? That could get them in hot water if they are coworkers and your/their boss saw it. Same for that email your coworker sent to your personal email with complaints about his/her boss.

It's important to realize that even though you own the phone and you keep the non-work stuff separate from the work activities, that information is still exposed to the employer upon demand. If the company IT people need to see your phone, it's out of your hands (literally) and there's nothing you can do about. At that point it's only sort of your phone. 

See related:

The ABC's of BYOD for the SMB

BYOD: Death of the nonworking vacation?

5 things not to do when telecommuting

Home workers: Get out and meet people

Topics: Mobility, Smartphones, Tablets, Bring Your Own Device

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • BYOD is silly

    I still maintain that if the company wants employees to have computers, phones, pads, or whatever that they should supply what is required. If employees want there own hardware at all time they should just carry both around.
    • Yeah and

      I agree with you and I have to tell you, I'm not seeing this movement. For years this guy has been claiming this movement is gaining steam and I'm not seeing it at any company I or my friends work.

      We have people who work at home and they're all provided with a complete setup including IP Phone but, Tech Bloggers know more than people out in the real world I guess.
      • Yeah and....

        Yes, slickjim, tech people actually do a techie job. Tech writers only write about tech. It's just like the articles predicting the ultimate death of Unix that have been going around practically since its inception. Tech journalists thrive on headline hyperbole. We're sick of reading it. What do you call a busload of tech writers going over a cliff? A darned good start.
      • i'm seeing it a lot

        Hi :)
        I am seeing it a lot. Both my bosses bring their own devices in and use them when they are out of the office at meetings or whatnot. Employees bring in their own devices although they tend to only use them in break-times and only for personal stuff but occasionally they do use them for work too.

        We have just written a policy that says no-one is allowed to use BYOD but there is no technical blocker and people keep using their own devices. I've suggested re-writing the policy to match what we actually do and find useful because it undermines the other policies if we routinely ignore one of the them but people don't really understand IT enough to understand they are breaking the policy they have just written.
        Regards from
        Tom :)
    • choice is king

      While I agree with you to the fact if you need these items they should be supplied there are benefits to supplying your own devices.

      Such as picking your device you want versus being handed something. I love my Note phone and if I was handed an iphone/S3 mini or some other smaller device I'd be upset.

      I love the real estate choice. On the other hand my Note is not for everyone and people could be handed the monster phone and hate having to lug that around and want a smaller device.
      • So, let me as you this...

        Say your entire company is on Linux and you decide you want an iPhone. The app the company makes runs an Android. Would you approve the company spend a few hundred thousand dollars in upfront costs and even more on double maintenance just so you can ahve an iPhone? If the answer is yes, I hope you never get hired by anyone I work for.

        The reason why most companies use a single solution, be it Linux or Microsoft, is because the cost of building an maintaining software is just too expensive across too many devices. This is precisely why the web took off in the 2000's, to avert all that silly desktop deployment stuff. But web sites usually fail for usability compared to applications.
        A Gray
        • choices

          Hi :)
          Anything written for Gnu&Linux is fairly easy to port to Mac. The underlaying OS has almost identical commands and libraries, both are unix-based. Porting from Gnu&Linux (or Mac) to Windows is quite a bit tougher.

          The next toughest thing is to port from Mac to Gnu&Linux but again it's not usually all that much of a problem.

          The deal-breaker is trying to port anything from Windows to Mac or Gnu&Linux.

          It's like a 1-way system. Start from Gnu&Linux and pass through Mac on your way to Windows is fast and fairly easy. Try going the other way and you keep hitting snags.

          Mac and Gnu&Linux both give easy choices that Windows doesn't (or that it makes tough). It's easy to set-up a virtual machine or other options. Also a lot of things are already ported between the 2.
          Regards from
          Tom :)
    • Tools of the trade.

      An employee is expected to provide their own transportation - and sometimes pay for parking at their place of business.

      A construction worker is expected to have there own hammer/tools.

      I don't see that it is much of a stretch to expect an employee to have their own cell phone. Or a computer or tablet.

      Today, most employers provide those things to their employees, in one form or another but the employee always has the option to keep their work-life and their personal-life separate no matter what the official policy might be.

      BYOD simply provides the employee a level of convenience which might not otherwise be available. It really is in the hands of the employee to decide.
      M Wagner
      • Subtle difference

        The problem alluded to with BYOD is both personal and company data are on the same device. The company owns their data but not the device. If you leave, what happens to the company data, you are not turning the device to the company. If the company issues you a device to use the company clearly owns it and can demand its return at any time, no questions asked.

        The analogy with tools overlooks that a hammer or wrench does not remember the plans.
        • Remote wipe

          My employer can remote wipe my personal phone since connected with that exchange policy. I don't care, since all my personal stuff is backed up in the cloud.
          • You really don't care that someone can randomly erase your phone?

            Well, I hope you never have to find out how incomplete cloud backups of phones tend to be...
          • Feel like being a dork..

            Actually it wouldn't be random at all, not even pseudo-random. It would be wiped with intent and purpose. :-)
          • Yep...

            I work in I.T. for a company that just implemented a BYOD policy. They compensate people with monthly stipend payments to offset at least a portion of the monthly phone bills (actually, it's enough so one could pay a whole bill with it if the right carrier and plan was selected and/or the employee takes advantage of any available corporate discounts that might be available to them). Many people grumbled about the change, but I think it was handled about as fairly as was possible to do. (Existing handsets the company owned were given to the employees using them as one-time gifts, to help ease the transition.)

            We certainly can do a remote wipe of any of the phones linked to our mail system, but realistically, there's no reason I.T. would ever do that unless someone came to us first saying the phone was lost or stolen and he/she WANTED it wiped.

            As for having access to people's personal data on their dual-use devices? I guess that's true, but again, I think our company has an overall atmosphere of trust and respect. Maybe it wouldn't work so well at some businesses -- but here? I think most people know I.T. strives to help them do their jobs as well as possible. We're too busy to play "compu-cop", trying to police what's on a given device that might not be "work related" or "appropriate". As I've long said about these issues -- it's all a management problem, not an I.T. problem. We issue and maintain the digital tools, and exist to provide assistance with them as needed. It's your manager or supervisor you report to who should be concerned with how you're using your time and resources -- not us. (If your boss says you're getting all the work done he/she needs done and is happy with your performance? Then maybe it's just fine if you store 20GB of MP3 music on your device and listen to it during the day, or have a big photo archive of your kid's scouting events that you're a scout master for, or ?? Not my problem to come in as I.T. and dictate it "doesn't belong" and "must go".)
        • "owns the device"

          Some companies would have us believe that THEY own the device rights and if we as end-users want to modify some of aspects of firmware or apps that allow similar loopholes, if you did that today you could be subject to $500,000 fine and up to 5 years in prison. That's just for trying to use the phone you own (kinda) with the carrier you want.
      • There's a main difference...

        The car and parking are optional - you can take transit. And when you do bring your car, it's not expected that you use it for business use - you typically can claim expenses if that happens. It's also very unusual for most employers to *expect* to be free to use your car for business work (although that is the case in a few professions).

        Construction work is a little different since that's a trade (and not all construction workers are expected to have their own tools). The cost of the tools and their replacement are factored into the wages - and there are tax breaks for this.

        But a phone has an ongoing and variable cost associated with it. If I bring my phone to work - letting my employers use it means I'm paying for work-related costs unless I'm reimbursed.

        The argument that it's becoming expected is rather disturbing and puts the needs of my employer before my own need. So let's flip this around - I, as a worker, am a business. I sell my employer my time and skills for a negotiated price. If, after the fact, my employer starts to add expenses onto me (unpaid overtime, expecting to use my phone and its hours for work purposes, etc), then it means our agreement has been breached. My employer is now asking for more 'stuff' for the same salary. That's unethical and may, in some cases, be illegal. In either case, workers should never just shrug and say 'that's how it is' because that's exactly how it comes to be how it is.

        BTW, this is exactly why unions got started in the first place...

        In the end, it's the employer's obligation to provide the resources an employee needs to do their work - and if that's not practical, to negotiate a reasonable compensation for using the employee's personal property.

        As for me, while I can see the benefits of BYODing my tablet - using my phone for work stuff is right off the table. It's too messy and just not worth it. My employers can go get a cheap phone for me with just their number on it.
        • Whoa there Werewolf, no throwing out the union concept

          What prompted your comment about "this is why unions got started..." Unions were needed to get fair wages and working conditions in production (or slave shops) environments. IT and professional offices are very different, and unions are the last thing I would would want to deal with as an employee, let along a manager.

          Most importantly, the request for BYOD is coming from the employees, not the company or company management. Many companies and management are fighting BYOD. The employees want only one device, of their choice, regardless of what the IT or company management would suggest otherwise. Many are willing to pay for the device or share in the cost, and are willing to have the device somewhat controlled by their employer. This is not a union shop type concept.
    • BYOD I've Seen

      Before I retired I worked for a company which installed phone systems for small to medium companies (and very large houses). A local auto dealership expected (required?) their sales and mobile service people to link their personal cell phones to their work extension. We offered to supply (sell them) cell type phones which were part of the phone switch, but the dealership opted to use the personal cell phones instead, probably because of the cost. This way, they didn't have to pay anything for the cell phones and didn't even have to pay for the air time minutes.

      I didn't think about these things (from the article) since at the time all phones were dumb and didn't have the kind of features mentioned. But I'm sure they're still doing the same thing there. But as I'm no longer in contact, it's just something I guess I'll think about.
  • Hogwash

    The only claim my company makes on my BYOD devices is the right to remote wipe it. As all data is backed up to non company locations I have no problem with this. This is consistent with the approach I have seen at other large international organisations.
    If your company wants unfettered access to your device tell them to purchase you a corporate device. If they want to enable you to increase your productivity by using a personal device that doesnt automatically give them rights to your private information.
    • A well-oiled organization gives you access to the corporate data ...

      ... you need to do the job but delivers it in such a way that it can only be stored in your employer's cloud. That way, the data is completely protected no matter what!
      M Wagner
    • What's required and what they CAN do

      If you are using company email and that company email allows them to remotely wipe your device, they can also ask you to turn in that device at any time. They might not advertise that, but its part of your agreement to allow them to "assure" that all data has been wiped. how do you think they "assure" it? Answer: they look.
      A Gray