Share this article

print logo

Use of personal gadgets has its pitfalls

Like many employees these days, Kim Gibbons uses her own smartphone and tablet for her job at Cisco Systems. That way, no matter where she is including weekend soccer matches with her children -- "I'm still very much connected with everything at work," she says.

Hers is among the companies that encourage this bring-your-own-device trend, but the practice is causing consternation among executives nationwide.

While loath to alienate employees by being too restrictive, many fear that their companies' confidential or critical business data could be accessed from poorly secured gadgets by hackers, who are attacking firms with increasing ferocity.

As a result, rules regarding the use of personal devices vary widely. Some companies permit it with tight controls that include having the ability to remotely wipe the gadgets clean of all data -- personal or otherwise -- if the machines are lost or stolen. Others bar employee-owned devices altogether or haven't figured out what to do.

"The world is going mobile," said Bob Worrall, chief information officer at Santa Clara, Calif., chip-maker Nvidia, which recently decided to let employees use their phones and tablets at work. But how to adapt to that shift while protecting company secrets, he added, "has really become a question that legal and security teams have wrestled with across the industry."

For many workers -- particularly the young -- having to use a clunky company-issued phone or laptop is unthinkable. A Cisco survey of 2,853 adults younger than 30 last year found that 70 percent preferred to use a work device of their own choosing. And among those in college, 81 percent expressed that preference.

Still, recent research by McAfee and the National Cyber Security Alliance has found that nearly 3 in 4 adults fail to protect their smartphones with security software. Moreover, people often use their phones, tablets and laptops to frequent social media or other websites that tend to attract cybercrooks.

Consequently, many business executives aren't keen on the idea of letting their employees use such devices for work. The practice was forbidden by 48 percent of the 1,500 information technology managers queried by Cisco in January, although 57 percent added that some of their employees disregard the ban.

In another study this year by Check Point Software Technologies of Redwood City, Calif., 65 percent of 768 information technology professionals contacted allowed employee-owned gadgets to connect with their corporate networks. But 71 percent blamed such mobile devices -- both personal and company-provided -- for contributing to "increased security incidents," such as risky Web browsing and "corrupt applications downloaded."

Others embrace the idea, which can be a big cost savings for companies.

"It's working very well," said Steve Martino, vice president of information security at San Jose-based Cisco, where a little less than half of the company's employees use their personal devices. He said the gadgets are connected to Cisco equipment to block spam and some of them can be remotely wiped of sensitive information.

"Our primary concern is protecting Cisco's and our customers' data," Martino said. But, he said, the company also wants to make its employees "happy with the kind of device they have."

Among those pleased with the policy is Gibbons, who joined Cisco in 1999 and is marketing director for its global government solutions group. Equipped with a company-issued MacBook Pro, as well as her personal iPhone and iPad, she much prefers this arrangement to her previous job, where she toted both a company phone and one she owned.

"That's very difficult when you're carrying around two phones," she said. "It just makes you less productive."

Of more than 9,600 executives surveyed this year by PricewaterhouseCoopers and two trade magazines, just 43 percent had security procedures governing use of personal devices. Hashing out such rules can be complicated. Companies need to consider whether to reimburse employees for using their own devices, how to deal with lawsuits demanding access to the personal gadgets and who owns the email or other information on the devices.

Then there's the matter of how to keep from losing company data, which can be an added headache for an executive if "you are already staying up at night worrying about protecting your network," said Patrick Bedwell, a vice president at Sunnyvale, Calif., network security firm Fortinet.

But given how employees feel about their beloved iPhones and other personal gadgets, he added, "you'd be hard-pressed to tell people you can't bring your own devices to work."