Many workers can’t imagine life without their smartphones. The popular devices, including BlackBerrys and iPhones, let employees stay in touch — with work, family and friends — around the clock. But smartphones are proving to be a challenge for both HR and IT departments when it comes to the work-life balance of employees and security risks.
Seventy per cent of employees say they are allowed to use their corporate devices for personal activities and 48 per cent can use their personally owned mobile devices to connect to corporate systems, according to a recent survey of 92 European organizations by IT and telecom specialist Ovum and the European Association for e-Identity and Security.
In addition, the laptop is becoming the new desktop as smartphones and tablets replace the old laptop. More than one-third of mobile employees believe a mobile device will usurp the laptop for general business purposes in 2011, found a recent survey of 1,100 people in North America, Europe and Asia by iPass.
“A lot of us are now kind of in that world of a very blurred line between work and personal life,” said Greg Milligan, mobility and solutions manager at Microsoft Canada in Toronto.
As an example, he cites a large Canadian bank that is considering a policy allowing employees to bring in their own smartphones or tablets and have access to work email. Twelve months ago, that would have been unthinkable, he said, but this kind of approach lets people use devices they’re comfortable with already, so there is no need to train or worry about them being dissatisfied with devices chosen by the employer.
“It really has to do with work-life balance and, frankly, employee satisfaction,” said Milligan.
To help with work-life balance, some software solutions and operating systems on smartphones allow users to better differentiate between personal and business programs, such as email or a calendar, said Stephen Drake, program vice-president of mobility and telecom at IDC in Framingham, Mass.
“There is increasing functionality in the devices themselves to enable that kind of separation or way to flip over to the consumer when it’s needed.”
But technology is not the only answer and the concept of work-life balance really has to be pushed from the top down, with a policy and the right corporate culture to support it — something like “after 9 p.m., we won’t bother you and, for the love of God, don’t send out emails,” said Michael Morgan, a senior analyst for mobile devices at ABI Research in Oyster Bay, N.Y.
“Even then, I’m not even sure that will keep people from sending emails and working late,” he said.
Some organizations have tried to curb the problem. In 2008, Richard Fadden, then deputy minister of Citizenship and Immigration Canada, sent a memo to all employees calling for a “Blackberry blackout” between the hours of 7 p.m. and 7 a.m. and on weekends and holidays in an effort to shore up work-life balance.
“When we can ‘balance’ our work and personal responsibilities we, as a team, stand not only to serve and perform more effectively, but also to attract and keep employees,” he said.
While smartphones can provide a great degree of flexibility and mobility, there’s also the question of quality of time, said Morgan. An employee might be able to catch a son’s soccer game while staying connected to work through a BlackBerry, but this doesn’t necessarily mean the employee will do it very well — especially if he’s trying to hash out important problems for work, he said
But these devices also have the potential to be a boon for work-life balance. Salespeople on the road, for example, can log in and track sales during the day on smartphones, so they don’t have to take an hour after work to collect that information, said Drake.
Policies and procedures around mobile devices should not begin in the IT department but rather in HR, said Milligan. Company leadership should decide what it is doing around mobile devices, explaining the environmental advantages, the cost savings when it comes to real estate space and the improved employee satisfaction.
“Then that drives IT policy and network management,” said Milligan. “Don’t start with technology, start with HR and let that drive IT policies.”
HR can also play a role in deciding what kinds of devices should be allotted to what kinds of employees, said Morgan. For one, the department needs to figure out which employees require smartphones to do their jobs, and then HR must decide what kind of security is needed. Certain classes of workers may require high-security phones bought and paid for by the company with heavy IT involvement (known as corporate-liable devices) while others might need less security, so employees can pay for the phone and the plan (known as individual-liable devices), with limited corporate involvement.
HR should take security concerns seriously, as enterprises are increasingly concerned about the risks mobile devices pose to corporate networks and data, especially as employees use the same device for both work and personal activities, found Ovum’s survey. And eight of 10 respondents believe smartphones expose their business to attack.
“Employees will want to use their devices, no matter who owns them, for both their work and personal lives,” said Graham Titterington, a principal analyst at Ovum. “That means organizations must establish a holistic security strategy that addresses the consumerization of this fast-growing channel into corporate networks and data.”
Almost one-quarter (22 per cent) of mobile employees also breach corporate policy by using an unmanaged smartphone for work when their companies have a stricter policy in place, found iPass’ survey.
“Unmanaged smartphones are a significant risk to enterprises,” said Steven Wastie, senior vice-president of marketing and product management at iPass. “Twenty per cent of these mobile employees have experienced a relevant security issue with their smartphone containing business data lost, stolen, infected or hacked.”
One of the biggest security risks to individual-liable devices is when people leave a company and take their phone or when employees lose their phone, said Drake. So it’s imperative organizations have the ability to wipe that device, so all corporate data is cleared from the phone.
Ensuring all data is encrypted is important, along with having the ability to wipe confidential data, said Milligan, as “the number of phones that are lost is scarily high.”
Other areas of concern involve application downloads, as some can contain malware, or inappropriate use of social media sites such as Facebook or Twitter.
“The whole app store phenomenon… has really increased the opportunity there (for risks),” said Drake. “On a laptop or desktop, we’re a little bit more weary of a Nigerian scam email to make sure we don’t give out our business account. But when we get an app, we click to download, not really thinking about some of the same challenges.”
There can be hundreds of different security policies covering a phone but they may not all be needed, said Milligan. For example, the camera feature on a phone can be turned off because an employee works in a sensitive area, but that also points to trust issues in the organization.
“That’s IT gone a little wild in terms of trying to policy the organization to death,” said Milligan.
Work versus play
Smartphone users mix business, pleasure
There is a blurring of the lines between the personal and business use of mobile devices, according to research by Juniper Networks in Sunnyvale, Calif. Almost 44 per cent of more than 6,000 smartphone and tablet users across 16 countries use the devices for both personal and business purposes, while fewer than four per cent use them strictly for business.
Business and personal use varies by region and country, with personal use dominating in Canada (72 per cent of respondents use their mobile device for personal use only), Japan (70 per cent), France (67 per cent) and most other countries. China, Russia and Brazil are the leading exceptions with 75 per cent, 65 per cent and 61 per cent combining business and personal use respectively — and Belgium/Netherlands reports the highest business-only use (12 per cent).
However, 81 per cent of the respondents in the October 2010 survey admit to using their devices to access their employer’s network without their employer’s knowledge or permission — and 58 per cent do so every single day.
© Copyright Canadian HR Reporter, Thomson Reuters Canada Limited. All rights reserved.