From employee lawsuits to the rising costs to compliance failures, the road to BYOD is wrought with pitfalls. Not all of them are as obvious, either. A widening trust gap between employer and employee can go on unnoticed until it’s too late. Or zombie phones tucked away in desk drawers may be feasting on your mobile budget. Beware BYOD’s dark side.
Sneaky Workers Rip Off Employer
Left unchecked, workers can take advantage of your BYOD program. They can rack up thousands of dollars in overseas charges. They can expense entire family plans, upgraded phones and termination fees. They can sign up for maximum data plans.
A tech company with 600 workers, for instance, paid $300,000 over budget in the first year of its BYOD smartphone program. “It was just outrageous,” David Schofield, partner at Network Sourcing Advisors, a mobile consultancy that helped the tech company rein in costs, told CIO.com.
Out of Compliance
When companies let employees access data on personal devices, there’s a real chance that they’re breaking the law. A recent TEKsystems survey found that 35 percent of IT leaders (such as CIOs, IT vice presidents and directors) and 25 percent of IT professionals (such as developers, network admins and architects) are not confident that their organization’s BYOD policy is compliant with data and privacy protection acts, HIPAA, Dodd-Frank or other government-mandated regulations.
TEKsystems adds: Failure to comply with federal regulations can result in severe consequences, such as fines, probationary periods of oversight by federal agencies and criminal penalties up to and including imprisonment.
The Productivity Problem
BYOD promised to make employees happy and more productive. After all, they could use mobile gadgets of their choosing for work and would carry those gadgets practically all the time, meaning that they’ll be working in the evenings and on weekends. Worker productivity was supposed to spike. Then some companies saw workers slack off by using their gadgets to check Facebook and play Angry Birds at work. This led to a few apps landing on the infamous BYOD blacklist.
Out of the Network, Into the Cloud
Speaking of BYOD blacklisted apps, some of the most hated ones–at least by CIOs–are cloud storage service offerings such as Dropbox. Confidential corporate data can find its way into these consumer repositories and out of the reach and purview of IT.
An employee can whip out his BYOD smartphone, take a picture of a whiteboard or a screen shot of an important document and save the image in Dropbox, and there’s nothing IT can do about it. If your company supports BYOD, you can bet there’s corporate data in a consumer cloud service.
Expense Reports Explosion
BYOD smartphones were supposed to save companies boatloads of money, because they no longer had to pay for company-issued BlackBerrys. But cost savings have been derailed by hidden costs. One of the worst offenders: processing BYOD expense reports.
Last year, Aberdeen Group came out with a scathing report that mobile BYOD costs about 33 percent more than a company-owned mobile device approach. BYOD stipends will ultimately lead to more expense reports, says Aberdeen, and a single expense report costs about $18 to process.
[ Infographic: BYOD’s Dirty Little Secret ]
Text Messaging Theft
Let’s face it: Some employees are just bad seeds who want to take confidential information before fleeing to a competitor. With BYOD smartphones, it’s a lot easier for them to get away with it. These “bad leavers” swipe and send data in text messages, which are nearly impossible to track.
“Text messaging appears only on the phones and nowhere else on the corporate network,” says Paul Luehr, managing director at Stroz Friedberg, adding, “It’s increasingly common to see [bad leavers] text messaging their buddies across town and conveying private or valuable information that way.”
Lost Phone – For Weeks
In the early days of BYOD, companies felt they had a silver bullet for lost or stolen smartphones: the full remote wipe. Any critical data on that device would be wiped away. There’s just one problem. People misplace their phones all the time, and so they’ll take every measure to find it before calling IT to hit the remote wipe. Their reluctance to report the lost phone could span days, even weeks–meaning for all that time, corporate data could have been compromised.
Lawsuit 1: Privacy
Let’s say your team of lawyers put together a solid BYOD user policy, one that pretty much doesn’t give an employee much expectation of privacy. You’re covered, right? Don’t be too sure. Managers need to be well-trained on the BYOD user policy, too.
In the case of City of Ontario vs. Quon, police sergeant Jeff Quon and others sued the city alleging violation of their constitutional rights because personal messages on a department-issued pager were audited and led to Quon’s firing. While the Supreme Court ultimately sided with the auditors, one of Quon’s superiors verbally assured him that messages would not be monitored, thus igniting a controversy over the expectation of privacy.
Lawsuit 2: Overtime
A TEKserve survey found that 63 percent of IT leaders believe BYOD is very effective in increasing employee access for work-related purposes. While this is great for salaried workers, problems arise with hourly ones.
Case-in-point: A lawsuit in a federal court in Chicago claims that the city owes some 200 police officers millions of dollars in overtime back pay because officers were pressured into answering work-related calls and emails over department-issued BlackBerrys during off-hours. While this particular case doesn’t involve BYOD, there’s no question BYOD blurs the line even more between work life and personal life.
The Widening Trust Gap
BYOD was supposed to bring people together. Employees could use technology of their choosing, and IT could shake the naysayer moniker. Then the relationship got a little dicey when IT asked employees to sign a draconian BYOD end-user policy that makes short shrift of an employee’s expectation of privacy.
Only three out of 10 employees completely trust their employee to keep personal information private, according to a MobileIron-commissioned survey of 3,000 workers. The flip side is that the rest aren’t so sure. And a widening trust gap can quickly escalate from head-shaking to finger-pointing to employee lawsuits claiming privacy rights violations.
Zombie Phone Invasion
Oh no! Zombie phones are attacking your mobile budget!
When companies transition to BYOD, employees often turn in their corporate-issued phone in favor of their personal one. Companies call the carrier to turn off the corporate-owned phone, and the phone is thrown into a desk drawer somewhere. Amtel has found that in 10 percent of the cases, the corporate-issued phone becomes a “zombie phone” that’s thought to be dead but still being billed by the carrier.
What’s the worst thing that could happen to a company in a BYOD world? That’s easy. It’s getting a call from a local news reporter asking about compromised data on a lost or stolen BYOD smartphone or tablet.
“If we end up on the front of the Fresno Bee because an attorney left his phone at the bar… the damage to your reputation could literally be millions of dollars,” CIO Darin Adcock at law firm Dowling Aaron told CIO.com.