This story is a warning about the risks of using your personal smart phone, tablet computer, or mobile device for work for your employer. NPR reported a story about how Amanda Stanton's employer killed her personal iPhone remotely without notice and without authorization:
"... Amanda Stanton's iPhone suddenly went black. She had been talking on it and navigating with a GPS app during a work trip to Los Angeles. Then, without any warning or error message, the phone quit. Everything was gone — all her contacts, photos and even the phone's ability to make calls."
I would imagine that Stanton felt mugged. I know that I would have felt like I had been mugged. We consumers store so much personal information on our smart phones and tablet computers.
In this case, the Information Technology department at Stanton's employer accidentally wiped clean Stanton's smartphone with a command via a email. While that sounds like science fiction, it is indeed fact. According to the news story, many of today's smartphones and tablet computers come preloaded with software that enables key device features (e.g., the device, its camera, its web browser) to be turned on or off.
Did you know this? I didn't and I bet you didn't either. Stanton's experience is troubling because it was her personal iPhone and not the company's property. While it is convenient for consumers to use a single mobile device while traveling or away from the office, it may not be wise to use your mobile device for your employer's business. Stanton's experience highlights several issues consumers need to consider:
- Lost/stolen mobile devices: the remote wipe function is helpful for consumers when your smartphone/tablet is lost or stolen. The thief is unable to use the device and can't access any sensitive personal data you have saved on it. Browse remote-wipe instructions for iPhone users, or for Palm Pre users. Browse data security suggestions for Blackberry users. Consumers with Android phones should consider using the Mobile Defense app.
- Protection of company assets: the remote-wipe function is helpful for employers to minimize the data breach impact when smartphones or mobile devices contain proprietary company data or information about the company's clients, customers, processes, or financial statements. Plenty of data breaches have resulted from lost/stolen laptops. Smartphones and tablets represent the next wave of data breaches. It wise to avoid storing company information on your personal smartphone or tablet PC.
- Corporate policies: it is wise for consumers to know their employer's policy about using personal mobile devices for company business. The policy may require the employee to waive certain rights. In Stanton's case, she decided it was too risky to use her personal iPhone for company business. The same risks may apply to you. The employer's policy make maybe one-sided; effectively that the employer gets the right to control the employee's personal device. Or worse: the employer may not have a policy leaving things vague or inconsistently handled by the employer's Information Technology or security department.
- Safety Issues: Stanton's situation could have placed her personal safety at risk. I shudder to think of a woman traveling alone in a strange city who may need help only to find her smartphone doesn't work due to a remove wipe. Stanton's situation could have had really negative, unintended consequences.
- Password Protection: you should password-protect your phone so only you can use it. You can set your phone to automatically self wipe after X number of failed sign-in attempts.
If an employer lacks a policy for mobile devices and events like Stanton's continue to happen, then I expect the issue will get resolved in the courts. As the author concluded:
"... there's now a breakdown of the old paradigm that your company controls work devices and you control yours and 'never the twain shall meet.' "
Breakdown, indeed. For the reasons listed above, there it is wise to keep your business and personal information on separate mobile devices. What do you think?