The hidden mischief of our corporate devices

Smartphones and tablets are now integral to business. They underpin mobile working, which in turn boosts productivity and enables the flexible working patterns that are helping businesses attract top staff, keep people motivated and drive efficiencies throughout organisations.

Many businesses provide their employees with top of the range smartphones and tablets, meaning consumer communication tools have rapidly become part of enterprise and SMB collaboration ecosytems.

Nominally, these devices are for emails and secure enterprise apps. However, some of the best-known uses are also Skype, WhatsApp, Google Hangouts, Apple’s FaceTime and Facebook Messenger. All of these contribute to a portfolio of communications tools that help tap into a consumer landscape where everything is instant, collaborative and shareable – and this is without doubt, helping propel businesses forward.

But it turns out people are also using their work devices to get up to mischief. My company researched employees to find out some of the more salacious activities they get up to on their corporate phones and tablets, and the results made interesting reading.

More than half of respondents use their work devices for personal activity, from shopping to social networking, gaming and porn. Indeed, 3 per cent admitted to having ‘sexted’, taken compromising photos of their partner or installed a porn app on their device. Five per cent have also watched or listened to pirated material and 2 per cent have used the dating app, Tinder and Omegle.

The research highlights that a significant number of people are blurring the lines between corporate and personal devices and this is further demonstrated by the fact that 28 per cent admitted to having taken a work device on a night out. But this consumerisation of work devices could be putting corporate data at risk.

Work devices are a portal to company data and the more people treat them like personal phones, the more at risk a company is. Data can easily be leaked through loss or theft. If you’re taking your phone on a night out to a bar or a restaurant, you could be more likely to leave it behind or have it stolen than if it was resting in your laptop bag at home.

Added to this consumerisation-fuelled risk is the fact that people will do almost anything to get their hands on these top-end devices and the data on them. At Absolute, we have seen some crazy examples when working with businesses to retrieve smartphones, tablets and laptops.

There was the neighbour who excavated through his neighbour’s attic wall to burgle devices from the house. There was a hotel bell hop stealing laptops from luggage. There was an incident with a local council IT employee who was identified as a laptop thief to the police, who then discovered his whole house full of council IT property.

Data and device loss is not to be sniffed at, with the ICO empowered to fine companies up to £500,000 for breaches of the Data Protection Act. Indeed in March, data protection law specialist Kathryn Wynn of Pinsent Masons claimed that the UK government should consider raising the level of fines that the ICO can impose, as it would drum home the importance of data security even more.

All this considered, businesses need to look into how they educate staff and manage the use of corporate devices to avoid being stung, both reputationally and financially. Employees must be informed about data security and this comes from an understanding of the consumerisation of IT throughout the hierarchy of a business.

The more a business understands the risks out there, and the potential impact on the company, the easier it will be to work together with employees to create a secure environment. However, data protection shouldn’t just stop at education. Any initiative like this must be coupled with strong security policies and the right tools for securely tracking and managing every device that has access to your corporate network. These two simple steps will help you protect data by reining in some of the more mischievous use of corporate devices while also enabling mobile working.