My Thoughts:
Personally I don’t care if someone uses a company cell phone or laptop while traveling for personal use. As long as they are not doing anything illegal or morally compromising.
My Thoughts as IT Manager:
However, as the IT Manager of my company I am consistently working on ways to better our company in cyber security across the board.
We have taken leaps in security in the past year. I feel for the most part I can breath a bit easier when it comes to our current infrastructure and its security. Although with technology changing there is ALWAYS more things to be done.
The Elephant:
So here is the kicker. People are using their company laptops and mobile devices for personal use. I am not talking about phone calls, texts and data (who cares) everything is unlimited now. To help solve some laptop issues admin rights have been revoked. Phones are a little more difficult.
Those who travel are using these devices for personal banking, music, software downloads, games, email, medical device tracking, etc.
We have MDM software and it would be wonderful to create policies to help make each business device more secure. However, those who are leading the company find using business devices for personal use as a perk to the employee. Something they do not want to (necessarily) take away. Yet, I feel obligated to consistently push more ways to make sure our data and infrastructure are secure. I can not just make the decision without first running it past the leaders of this company.
Ok Spiceheads…what are your thoughts???
Company Devices for Personal Use
- Employees should be able to use company devices for personal use.
- Employees should not beable to use company devices for personal use.
- Employees should not be able to install non-company software on company hardware.
- Employees should able to use company devices for personal use on a limited basis
- Always Do
- Depends on the business and the legal requirements
- Employees should not beable to use company devices for personal use, but good luck with that.
- Employees should be able to use company devices for certain personal uses, but to a point
- Only IT employees should be able to use company devices for personal use.
- Options 2, 3 and 6
- WTF? you have 19 personal devices between your 5 family members - Use Those!
- 2,3
- Employees should be able to use them as long as it doesn’t cost the company any additional money.
- 3,4
- As long as you’re willing to be tracked and recorded sure go for it.
- 42
- Employees shoulbe able to use company devices for personal use on company approved software
- no installs, encrypt drive, password lockouts and zero tolerance for Cyber code of conduct breaches
- koltex
- No Personal Accounts (FRP!!)
- If it is legal, is this the battle you want to die in?
- Leaving this open to add new options was a mistake…
- Combination of 3, 4, 6, 8, 13, 17
- Has anyone really been far as decided to use even go want to do look more like?
- Harambe
- How about another option? If it’s an Android device I want it locked down like iOS. No installs.
- For computers - no Admin rights, no self-installs, no software licensing headaches, no arguments!
- Option 10, plus MDM to implement container includes the company apps separate with reporting
- VENKYS OUT
51 Spice ups
adamford
(adamford)
2
I find in the SMB space, it’s a little difficult to get ownership buy in on these types of restrictions, at least until something bad happens because of it. I would love to restrict usage like this as it greatly reduce issues.
4 Spice ups
Evan7191
(Evan7191)
3
It sounds like the main issue is that users have admin rights on the laptops and can install whatever software they want.
6 Spice ups
Personal use is reasonable.
Being able to install what the hell you like is not reasonable - focus on that issue first.
29 Spice ups
I draw a big distinction between using company hardware to check personal email and installing uncontrolled software. I do not care if they want to check their gmail etc but I do not see a business benefit to adding software for personal use.
Chart any and all time that you and the rest of the IT department have to spend cleaning up those issues and feed that information back to management so they can consider the company time that is invested to allow that perk to the employees.
5 Spice ups
jim4232
(Jim4232)
6
Have them sign an agreement that they understand everything on company devices is owned by the company! Once they have signed it tell them you will be emptying their bank accounts as your tip and will be splitting it with the C-levels!
4 Spice ups
nelsonsa
(Nelson9480)
7
We have a lot of people who travel, so if they want to install Spotify then we don’t mind. When they start installing Torrent clients to get movies, that’s where we draw the line.
7 Spice ups
Evan7191 Mar 10, 2017 at 11:41 AM
It sounds like the main issue is that users have admin rights on the laptops and can install whatever software they want.
Laptop Admin rights were an issue. There are only 2 more computers need to be switched to have Admin rights removed. They are the two top most leaders of the company. I have edited the previous post to better explain this. Thank you!
Evan7191
(Evan7191)
9
If the business leaders want it, you can warn them of the risks, but they may overrule you.
A potential middle-ground could be to use an application whitelist and include some of the popular “personal use” applications in the whitelist. For example, if users want spotify, you could include spotify along with your company’s usual software in the whitelist. That would allow users to have some personal use but would still prevent the installation and execution of unwanted software.
1 Spice up
This was years ago. Things like music and medical tracking were fine for us. It was the dating apps (that the company ended up paying for) that made the restrictions come flying in.
EDIT: Specifying that this was on phones.
3 Spice ups
ross
(Ross42.)
11
When it comes to mobile devices, my primary issue is when the employee leaves and demands all kinds of things be removed off the phone. That’s a big ol’ negative, everything on the phone is owned by the company, not you. And you signed something stating you understood that.
8 Spice ups
NULL
(NULL)
12
When I worked at 1-1 schools, I wanted teachers and students to use their school-issued device for everything. The more they personalized it (within reason) and always had it with them, the more useful a tool it became in the classroom and home work space. Obviously we had to take lots of security precautions…
Working now in healthcare, I do not want folks using company devices for personal use, since it increases our risks of compromise so substantially and HIPAA is no joke. Obviously, we have to take lots of security precautions…
4 Spice ups
My feeling is yes the device is owned by the company but users should have some freedom to “modify” the device within reason. So if the user wants to personalize it who cares. I dont even mind things like google hangouts where i draw the line is games and un authorized programs like torents and p2p sites. Basically if it can get us in trouble i dont want it!
sp2
(ITPro1000)
14
This reminds me of the time a user angrily shouted across the office “So, who cares if we all have the admin password anyways!!”
1 Spice up
It’s important to manage what they are doing. The way I see it, they have to have some personal information and data on their PCs and Phones or they’d be carrying around twice the equipment.
I’ve had users that install games on their laptops. I don’t mind it honestly. I have security in place on all company machines and have access to them when needed. For mobile devices, it depends on the user. Most users have very limited capabilities, and I still check those about once a month or so. I’ve never found anything that I would consider to be “against policy” yet when it comes to mobile and laptops. But then again, only the high level users get the equipment… even if they did circumvent my security and do something wrong I couldn’t do anything about it.
Acceptable Use Policy, Define the rules, then enforce the rules. problem solved.
1 Spice up
We remind our users that if somebody files a Freedom of Information Act discovery request, everything on company-owned equipment is discoverable. Everything.
But the users are going to do what they want.
1 Spice up
It’s a tough debate. My current employer’s wording is “under no circumstances should the mobile device be used for personal use.” My former employer went by “reasonable personal use.” Either way it needs to be enforced heavily. Reasonable personal use is up to interpretation, too. Firm policies need to be in place and audits need to happen. One of my monthly tasks is auditing data usage and reporting any findings. Our “no personal use” policy gives us much more leverage. Our company also works on many public construction projects and if mobile costs are invoiced to the project, they are fully auditable by the client.
johncombs
(johncombs)
19
We provide most users with iPhones, all users get laptops and our sales reps also have iPads. We do not put any restrictions on the mobile devices and all sales reps have admin rights to their laptops. They are completely 100% remote users and often have to install software for one reason or another when at client sites. Management allowed the admin rights to make it easier on them and less tickets for us. Managers and above have admin privileges on their systems as well, as they also travel overseas and our help desk is not staffed 24\7 as we are not open 24\7\365 and I personally don’t want to answer my personal cell at 3AM and have to stumble through a remote session to install software without my precious life blood called coffee!!
1 Spice up
jeffnoel
(ghijkmnop)
20
IMO, in this day and age, everyone who uses a computer at work should already own some sort of personal computing device, so they shouldn’t NEED to use a work device for personal endeavors.
2 Spice ups
