Are BYOD Employees Decommissioning Mobile Devices Properly?
- 13 December, 2012 15:31
Sales of mobile devices are expected to surge this holiday season. Whether your firm has embraced bring-your-own-device (BYOD) or elected to look the other way that means many of your employees can be expected to upgrade their tablets and smartphones. But what about their old devices? Will they be decommissioned properly?
According to a new survey by Harris Interactive--on behalf of Fiberlink, a provider of mobile device management (MDM) and mobile application management (MAM) solutions--the answer is probably not.
In July, Harris Interactive polled 2,243 U.S. adults ages 18 and older and found that most BYOD employees are not properly disposing of or wiping corporate information from personal devices when they upgrade.
Harris found that among U.S. adults who previously had a smartphone and/or tablet use for work and who have now upgraded, only 16 percent had the data professionally wiped from the old device and only five percent had the device securely destroyed. Most respondents (58 percent) kept the old device though it remained inactive; 13 percent turned it over to their service provider; 11 percent said they donated the device, gave it away or threw it in the trash; and nine percent did something else with their previous device.
BYOD Devices Don't Go IT After Upgrade
"This is the beginning of something we haven't seen before, which is the retirement of devices that aren't going to end up back in IT's hands," says David Lingenfelter, information security officer at Fiberlink. "Some people are handing them off to their kids to use, whether they keep a cellular service on it or just use it as a Wi-Fi device. We're seeing a lot of trade-ins and hand-offs to children or siblings that aren't associated with the company. And when you trade a device in, the people you're trading it into may or may not wipe it before they auction it off or sell it as a used device."
And while turning off email access remotely is a simple matter, this past year has seen a spike in the use of personally owned mobile devices used to access other corporate data, Lingenfelter says. They often store important documents and files, not to mention data in mobile apps. Additionally, properly wiping a device is not necessarily straightforward. For instance, Lingenfelter says, if a device has a microSD card, wiping the device may not wipe the memory on the card.
To deal with this issue, Lingenfelter recommends adding provisions for decommissioning BYOD devices to your BYOD or mobile policy.
"I think it's really important that companies have a BYOD policy, not just to protect the company but to protect the consumer," he says. "There needs to be something in the policy to say whether the company does or does not have rights to the data on the device. In this case I think you can spin it to the end user. It's not just corporate data you have to worry about, it's all your own personal information too."
A Four-Step Process for Decommissioning Mobile Devices
Fiberlink recommends IT departments ask employees to follow a four-step process for decommissioning mobile devices:
Notify the IT department. Once employees receive a new device to use with the company's BYOD program, they should send a note to the IT department to let IT know they plan to swap devices.
Transfer corporate materials to the new device. IT can transfer all corporate materials from the old device to the new device. This can be relatively painless with an MDM solution but can also be done without one.
Extract personal data from the device. Remove and save all personal files from the old device.
Erase all remaining corporate data. Fully decommission the old device. Most devices have an option in the setting menu to perform a factory data reset to wipe all the data completely (if your company uses an MDM platform, it can wipe the data remotely). If your device has a microSD card, manually remove it and use it in your new device or erase the data from it as well.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
The enlightened CIO’s guide to running projects
The enlightened CIO’s guide to running projects
Why IT projects really fail
Queensland government to provide 200 services online by 2015
Call Centers Suffer From Big Data Overload
The New Disruption for Brands
The new frontier of mobile and social is a game changer, opening new channels in which consumers and brands can interact. This whitepaper details the results of a survey spanning consumers in the US, UK, Singapore and Australia, exploring their expectations of using mobile devices and social media to engage with brands. The results confirm that consumers live across various channels, and as part of their experience there is an expectation of consistency, value and individualised attention. Read more to learn who you’re talking to, what to say and where to say it.
Managing Web Security in an Increasingly Challenging Threat Landscape
Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Those who would do harm to our computer systems for profit or malice always manage to focus their efforts on our most vulnerable weak spots. Today, that is the web, for a wide number of reasons. Download to find out why and what you can do to protect yourself.
Best Practices to Make BYOD Simple and Secure
As consumerisation continues to transform IT, organisations are moving quickly to design strategies to allow BYOD in the workplace. This paper provides IT executives with guidance to develop a complete BYOD strategy which gives people optimal freedom of choice while helping IT adapt to consumerisation - at the same time addressing requirements for security, simplicity and cost reduction. Find out how device ownership eases IT burdens in endpoint procurement and management. Click to download!