| Executives December 11, 2017
December 11, 2017
By Bob Stevens
In the wake of concerns that White House Chief of Staff John Kelly's personal smartphone was breached, I'm not surprised to hear reports that the White House is considering an outright ban on personal smartphones in the workplace. This recognition that mobile devices are insecure is a step in the right direction, but I have to wonder, is a ban the answer?
It is encouraging to see government leaders recognize the threats mobile devices pose to government security. Microphones, cameras, and the sheer volume of personal and work data accessible on our phones have made mobile devices the ideal weapon for cyber espionage. Using a targeted surveillanceware attack, a malicious actor can control the microphone to listen to private conversations; turn on the camera to take pictures of the surrounding area; or steal information flowing through the device. As Lookout has reported, mobile attacks are real, and high value individuals, such as those that work in the White House, are prime targets. That said, bans are not effective at reducing risk.
In a 2015 study of federal employees, Lookout found that 40 percent of employees at agencies with rules prohibiting personal smartphone use at work say the guidelines have little to no impact on their behavior. Roughly the same amount (37 percent) were willing to sacrifice government security to use a personal mobile device at work.
Staying connected with friends and family while at work is critical for employee morale in this day and age, and limiting employees to government issued devices may not be sufficient. Government issued mobile devices are often configured so that they are unable to send text messages. Most government computer networks block employees from accessing personal accounts, such as Gmail and Facebook. Furthermore, requiring employees to leave work in order to tend to personal business could have a serious impact on productivity -- a counter productive solution when mobile devices are designed to help improve workplace productivity.
Plus, there are serious personal privacy concerns when an agency requires employees to use their government devices for personal calls. Records of calls placed to and from a government mobile phone would be archived and eventually made public as per government record keeping requirements.
"Technology exists so that government agencies do not need to implement morale and productivity-crushing bans on personal devices in the workplace."
There must be another way - and indeed there is. Technology exists so that government agencies do not need to implement morale and productivity-crushing bans on personal devices in the workplace. I recommend the White House, and any other agency considering this extreme of a measure, to instead implement the following:
I commend government officials for recognizing the importance of securing mobile devices, but I implore government IT leaders to question if an outright ban of personal devices is the right choice. Bans can negatively impact employee morale and productivity, both of which are critical to the success of the mission. Visibility and control can still be achieved without bans that ultimately may be circumvented, opening the door for undetected security breaches.
Want to learn more about how Lookout can protect agencies from sensitive data breach via mobile? Contact us today.
Bob Stevens Vice President, Americas