Most BYOD employees fail to properly dispose of or wipe company information from personal devices when upgrading to the latest tablets and smartphones, according to a report from Harris Interactive.
Only 16 percent of US adults said they had their old smartphones professionally wiped before upgrading, and only 5 percent had the device securely destroyed. Most respondents said they kept the old device (58 percent), although it was inactive. Some 13 percent turned it over to their service provider, and 11 percent donated it, gave it away, or threw it in the trash.
Harris Interactive conducted the report for Fiberlink, a cloud-based solution provider for mobile device and application management. It surveyed 2,243 US adults in July.
Employees upgrading to new devices need to do it right. They should notify their IT department, transfer corporate materials to the new device using their company's mobile device management application, extract personal data from the device, and securely erase all remaining personal and corporate data by performing a factory reset or using a mobile device management application. Some tablets and smartphones have removable storage cards, which the employee should take out.
The upgrade cycle is another way that BYOD is changing IT. Until BYOD, old devices went back to IT for safe disposal. But that doesn't happen when the employee owns the device. "Some people are handing them off to their kids to use, whether they keep a cellular service on it or just use it as a Wi-Fi device," David Lingenfelter, Fiberlink information security officer, told CIO Magazine. "We're seeing a lot of trade-ins and hand-offs to children or siblings that aren't associated with the company. And when you trade a device in, the people you're trading it into may or may not wipe it before they auction it off or sell it as a used device."
Turning off email access remotely is simple, but this year more employees are using their own devices to access other corporate data. Fiberlink recommends adding provisions for decommissioning BYOD devices to the company BYOD or mobile policy. And companies that don't have a BYOD policy need to fix that.
The survey is self-serving; Fiberlink is, of course, looking to sell more of its solutions. But it seems to me to make good points. Many people are going to find new tablets and smartphones around the Festivus pole this month, and corporate IT should be sure that if those devices are used with corporate data, it's done safely.
CIOs Have One Safe Option for BYOD
Reject BYOD for the Right Reasons, Not Out of Fear
Why BYOD Is B-A-D for Enterprise IT
— Mitch Wagner , Editor in Chief, Internet Evolution