PRIVACY VS SECURITY:

THE BYOD DILEMMA GROUP 6

 Bring Your Own Device (BYOD) has become commonplace in companies of all sizes.
• Employees have been granted permission to use their own devices for work.
• BYOD evolved out of employee discontent with having to carry two phones or with finding
themselves needing emails or files at home that were on an office computer.

 In today’s tense cybersecurity environment, pure and simple, BYOD makes it impossible to
maintain a secure network.
• Mobile device management (MDM) the software has been developed in an effort to secure company
data on private devices. However, MDM can compromise user privacy. So, we end up needing ways
to balance corporate security and employee privacy.
BYOD ISSUES: EMPLOYEES’S
VIEW
 BYOD and installation of company software to gather user data would be unethical
• poses a great threat to the privacy of employees
• greatly affect their morale
• impact productivity and creativity
• Result in increased

 If it comes out that employee's data is being misused and their private texts or messages
are being viewed by the IT department
• they may be furious some may quit and also sue the company.
• raise a social media storm and media may pick up and cause irreparable damage to our company
reputation.
BYOD ISSUES: EMPLOYEES’S
VIEW
 If a company’s IT department finds out about any issues like an employee is going through
tough times in his personal life or is more likely to quit as he is searching for a job etc. their
behavior towards the employee would worsen and make it difficult for him.
 In case an employee’s phone goes missing, for corporate security reasons the MDM
software allows IT to remotely wipe the employee’s phone of all data – including personal
email and photos in addition to corporate data.
 GPS and location-tracking enables the employer to know an employee’s whereabouts 24/7.
BYOD ISSUES:
ORGANIZATION’S VIEW
 Security by its nature must be utilitarian, meaning the “ends justify the means” which in this
case is to protect not just the business, but the integrity of each employee and stakeholder
who engages with the organization.
 Organizations build their IT networks to keep them safe from hackers, malware,
ransomware, phishing and many other threats.
 They develop policies and procedures for using personal devices including requirements
that the organization can place MDM software on employee devices.
 They train employees to recognize and avoid cyber threats. These are critical steps for
meeting regulatory compliance standards, maintaining their reputations, and safeguarding
theirs and their clients’ data and fiscal assets.
BYOD ISSUES:
ORGANIZATION’S VIEW
The data leak or company espionage is very rare but does happen. Recent examples of
Huawei and Tesla cases have proven that it can happen to anyone anywhere no matter the
size of the company. It’s always better to be safe than sorry. The IT department spying is also
uncommon but it’s likely to occur.
 The data breach would be devastating to the company and strike it to the core so that the
future of the company could be questionable. Few lines of code can have huge impact in
terms of security of the users of the services as hackers or rivals can get the inside
information and exploit the clients.
 Many organizations ask their employees to surrender their phones to IT to install MDM
software and getting access to devices of employees,  in order to wipe corporate data from
them in case of theft or misplacing the device.
RECENT EXAMPLES:
 https://www.theverge.com/platform/amp/2019/7/10/20689468/tesla-autopilot-trade-secr
et-theft-guangzhi-cao-xpeng-xiaopeng-motors-lawsuit-filing
 https://www.theguardian.com/technology/2019/jan/29/huawei-criminal-indictments-us-c
hina
 
https://nationalpost.com/news/exclusive-did-huawei-bring-down-nortel-corporate-espiona
ge-theft-and-the-parallel-rise-and-fall-of-two-telecom-giants
 https://www.bloomberg.com/news/photo-essays/2011-09-20/famous-cases-of-corporate-
espionag
https://www.telegraph.co.uk/news/2020/09/17/five-chinese-citizens-charged-hacking-us-co
mpanies/
SUGGESTIONS:
COPE:
• Company Owned/Personally Enabled
• The company should provide additional devices to employees for work.
• Corporate-owned devices for work is the best solution to maintaining security and still enabling
enterprise mobility.
• We can pre-load these company devices with more comprehensive corporate software when we do
not need to allow for personal device issues.
• Many companies are already doing it, it will be feasible and while working from home they also have
safety as they can use the company provided Mobile data and company provided laptop which aids
security and also improves the privacy of the employees.
• Disadvantages:
• It also potentially imposes a technology choice on employees that can affect productivity if the technology is
unfamiliar.
SUGGESTIONS:
 CYOD:
• Choose Your Own Device
• Employees have the option to choose from a selection of company-owned android and IOS devices,
enabling them to select a familiar platform.
• This enables immediate productivity on starting to use a company device. 
• CYOD and COPE Company-owned personally enabled as options for employees choice. The company can
afford the extra expense of buying new devices as once there is a breach the economic implications will
huge compared to the cost of devices.
 IT can place a container on an employee’s device in which all corporate programs and
information reside. If a device goes missing or the employee leaves, the container alone can be
wiped remotely, leaving employee data intact.
• Downside: IT can still see what programs and apps are on the device and the corporate container
has its own separate log-in. The log-in is a minor inconvenience, but one that some employees will
not like.
GENERAL CONSENSUS:
 Respecting employee privacy is of utmost importance because the lack of it could dampen
the morale of the employees and could fuel dissatisfaction and mistrust.
 The financial impact on the organization if it chooses COPE strategy.
 Most companies are already providing some financial reimbursement to employees using
their personal devices and company phones can fall into a moderate price range. The need
to license mobile management and other security software doesn’t change.
The two way key authentication is a great suggestion which would prevent accidental data
wiping of the devices.