Consider the following scenarios:
- An incautious employee downloads a malicious app on their smartphone, which proceeds to infect the company network with ransomware.
- A remote worker connects to company servers, unaware that his computer is currently infected by a trojan.
- A company’s security policies require that it have access to all business data stored on a device — but corporate files are mixed with personal files, turning the whole affair into a privacy minefield.
- A hacking group breaks into a business’s network. In addition to making off with corporate data, it manages to steal the financial information and other personal files of employees.
If your business does not effectively separate work and personal data, there is considerable risk to both parties. If bad actors manage to penetrate your security, they don’t just have access to intellectual property and customer data. They can also make off with a ton of employee data.
And that’s not even getting into the myriad security and privacy challenges that often accompany the improper separation of professional and personal.
Unfortunately, we live in a world defined by distributed work. COVID-19 has effectively seen to that. And while some argue that remote staff should exclusively use corporate devices during work hours, most agree that this is both infeasible and inefficient.
There’s also the question of legality.
Can your employer record your conversations, like when an app demands permission to record all calls and messages? What happens if a business chooses to use company-provided devices to access employee social media accounts? Everyone knows that data is invaluable, a vital component in predicting future trends, targeted advertising, sales, and more.
Granted, the personal data of employees is less valuable for these purposes. But it’s also safe to say that most people likely don’t want their employer prying into their personal affairs. Never mind the question of what happens to personal data stored on a corporate device, or the fact that blending personal and professional on a single device can wreak havoc with one’s work-life balance.
There needs to be separation, which can be achieved in a few ways.
- A partitioning service or sandboxing tools such as Android 11’s Profiles or Samsung KNOX. This keeps corporate apps safe from potentially malicious consumer apps while also maintaining user privacy.
- Cloud-based/remote desktop software. Since no data is stored directly on the device, there’s very little risk of any issues with privacy or security.
- A comprehensive acceptable use policy. There should be no doubt about when, where, and how corporate data should be accessed and used.
Distributed work isn’t going away anytime soon. Businesses can no longer afford to ignore the question of the relationship between employee privacy and cybersecurity. Particularly with more GDPR-like regulations hitting the main stage, it’s something leadership needs to address — as much for their employees’ sake as their businesses’.