Home Phones at Work?

There needs to be a clear line between device use for personal and work purposes.  This will include phone calls, emails and application use.  There have been recent examples of poor practice at the highest levels of the UK government.  In October 2022 it was revealed that Liz Truss while foreign secretary had her mobile phone compromised allowing hackers to eavesdrop on high level government discussions.  Around the same time the home secretary Suella Braverman admitted to forwarding government documents to her personal email account.

It might have been expected that large, security conscious organisations including members of the UK cabinet would be following some form of Mobile Device Management solution.  These can restrict applications that can be installed and used as well as facilitating remote updates and even device wiping.  These solutions do restrict what the individual can do at work and can tempt employees to carry another, personal, device to work.  This breaks the security fence set up by MDM and impacts on the work life balance of the individual.  Some MDM solutions turn the device into a kiosk device. These are locked down to only provide corporate applications such as a bathroom design service for a retail chain.  Any communications outside the business of work might be impossible on such a system.

If a personal device is used for work related communications then it facilitates receiving work calls and emails outside of the working day.  A regulated device, provided by an employer could be left at work or turned off when not required.

With the growth in the use of mobile phones many expect instant communications even for matters of a trivial nature.  Older readers will recall living without constant connectivity even for emergency use.  The BBC was still transmitting emergency contact messages on the radio up until the 1990s.   It would be hard to deny the use of a personal phone for real emergencies but this will be an uncommon occurrence.

There is a grey area of the sort of communications that are not essential but lighten the working day and might take place during sanctioned break times.  These would be harmless only if no work related activity or data transfer takes place on any personal device.  A personal device could be hacked and cannot be remotely disabled or wiped such as within a MDM system.

The means of communication also needs to be considered.  Voice conversations can be overheard and recorded if either the sending or receiving device is hacked. Emails containing personal information from within an organisation would be a breach of GDPR if sent to an external not corporate email server.  Facebook and WhatsApp chat applications are a real risk as they store data external to the organisation and facilitate communications with ‘friends’ who might only be known by screen names.  These individuals might not be who they appear and could compromise security.  Certainly caution should be applied before using either for customer focussed contacts.  FaceBook and WhatsApp position themselves as a data processor rather than a data controller under the GDPR .  This leaves the security issues of personal data passed through their systems within the user’s responsibility.

The overall rules should be to use Mobile Device Management and issue corporate devices where feasible.  Often this is not the practical so corporate rules need to set how and when personal devices can be used at work.  A system of warnings and potential disciplinary actions needs to be in place to ensure that rules are followed but that employees’ freedom is not unnecessarily restricted.

 

More from Security

13/05/2024

eCommerce Shop Scams

Data from Security Research Labs has revealed a China based fake shopping network that they have named ‘BogusBazaar.’  They claim that: ‘As of April …

Read post

08/05/2024

Lockbit Ransomware Takedown

In February 2024 the UK National Crime Agency released details of how the NCA and other international policing agencies had disrupted the actions of …

Read post

23/04/2024

UK Cyber security breaches survey 2024

Lies, damned lies, and statistics (attributed to Disraeli) The UK Cyber Security Breaches Survey 2024 was published on 9th April 2024.  Not surprisingly it …

Read post

25/03/2024

Digital Gift Card Issues

Both Apple and Google offer gift card services for use on their App stores.  Just as it states on the tin the card can …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus

    Categories