photo of Casey Sipe of The Employer's Layer

Casey Sipe is a management-side employment law attorney with Scaringi & Scaringi

Bring-your-own-device (BYOD) approaches have been embraced by employers, because they can reduce costs and employees tend to prefer being allowed the freedom to choose their own phones and tablets.

Of course, the freedom to purchase and use their own phones and tablets comes with a new set of challenges and, potentially, headaches.  A small, but very passionate, minority of smartphone and tablet owners choose to jailbreak  (Apple) or root (Android) their devices.

Jailbreaking or rooting allows a user to bypass the installed operating system.  This allows the user to install unapproved apps and make changes that are not available to other users.  Many of those jailbreaking or rooting are doing so without any knowledge of the risks involved. If they use those devices to access their employer’s network and data, security may be compromised.

With Apple devices in particular, users are only permitted to install apps that are approved by Apple, which helps to ensure that malware and other hostile programs cannot be installed. However, someone can install apps that are not approved and may contain malware on jailbroken or rooted devices that affect the device’s stability and reduce security.

In 2012, a Dutch hacker was able to access a number of jailbroken iPhones.  He made it appear that the iPhones received a text message that could only be removed after a fee was paid.  Thankfully, the hacker only intended to point out the security hole, and returned all the fees paid as well as providing instructions to close the security hole.  Unfortunately, less benevolent hackers could access any information on the smartphone or tablet, including company email and any files downloaded onto the device.

So it is important to address jailbreaking and rooting devices that connect with the company’s network. This can be done through a policy in the employee handbook or simply through instructions while setting up your employee’s device to access the company email or intranet.

You are probably already having a difficult time convincing your employees that they need to use passwords and other security settings on their mobile devices that access company data, and those protections are generally intended to prevent access if the employee loses the device or it is stolen. Taking all of these other security precautions and allowing jailbroken or rooted devices to access your company network is the equivalent of locking all your doors but leaving a window open.

Make this small change to your BYOD policy, and avoid a great deal of potential trouble in the future.

Read previous post:
Picture of woman in article appearing on February 24, 2014 about People Make the Difference by John Sumser
People Who Make A Difference

Rather than a passing grade in all subjects, excel in some and fail at the others. That’s what makes the...