When a computer in Davis Merrey’s church came down with a virus, staff were astonished because the computer is located in the church’s audiovisual booth and has no Internet connection. But Merrey, owner and chief executive of TeamLogic IT of Oklahoma City, instantly suspected what he eventually confirmed: Someone plugged a flash drive into the computer’s USB port to upload, what were infected, files.
With the explosion of a trend that’s called BYOD — or Bring Your Own Device, the scenario is all too common across workplaces today, Merrey said. Workers want to use one phone, laptop and/or tablet, say, for their personal and professional lives, while businesses want to give employees the ability to work any time, anywhere.
Merrey said the trend started with large companies, whose leaders liked the idea of saving on IT costs. But he and other experts say the short-term capital savings from BYOD easily is outweighed by the potential expense and public relations problems if devices are hacked, lost or stolen, and sensitive data is compromised.
Placing a ban
Tinker Air Force Base, Hitachi Computer Products Inc. in Norman and Southwest Medical Center in Lawton fully or partially ban BYOD for security and/or privacy reasons.
“We aren’t permitted to plug any electronic device into our computers, be it smart phones, MP3 players, thumb drives or whatever,” one Tinker mechanic said. “The military sees cyber warfare as a very real and serious threat,” he said, pointing to the Stuxnet virus, which was released, presumably via a thumb drive, onto the Internet in June 2010 specifically to damage Iranian centrifuges used for separating nuclear material.
Cindy Young, Hitachi human resources director, said the company, which employs 373, issues company phones and laptops to those at a certain grade level. Meanwhile, Southwest allows employees to use personal laptops and tablets, but they can’t be connected to the system.
“We have to be very careful due to HIPAA (Health Insurance Portability and Accountability Act) requirements for information security,” said William Morrow, recruiting and retention coordinator. “For work-related emails, we have a number of people that utilize smart phones to stay connected, but we don’t allow texting of patient information,” he said.
Sixty-five percent of businesses worldwide allow employees to use their own mobile devices to access email and other organizational data. Forty-five percent report taking additional security measures, including installing the latest security fixes and patches, conducting security audits and training employees. Only 13 percent have specific policies regarding the use of personal mobile devices.