Decommissioning personal devices is not occurring in some firms

Decommissioning personal devices is not occurring in some firms

Firms allowing staff to use their own devices for work-related purposes are taking advantage of the many benefits the trend offers, but it is not all plain sailing, as there are also security issues associated with BYOD.

According to a new survey by Harris Interactive on behalf of Fiberlink, a provider of the Maas360 mobile device management (MDM) tool, companies are failing to ensure smartphones and tablets used for enterprise purposes are properly wiped after they go out of use.

The survey indicated that only 16 per cent of workers who had upgraded their phone had the data on their old device professionally wiped.

Most respondents (58 per cent) kept the old device though it remained inactive, 13 per cent gave it back to their service provider, 11 per cent donated the device, gave it away or threw it away.

With such varying attitudes towards the disposal and clearing of old devices, companies could be at risk of data breaches and other security lapses.

David Lingenfelter, information security officer at Fiberlink, said: "This is the beginning of something we haven't seen before, which is the retirement of devices that aren't going to end up back in IT's hands."

"We're seeing a lot of trade-ins and hand-offs to children or siblings that aren't associated with the company. And when you trade a device in, the people you're trading it into may or may not wipe it before they auction it off or sell it as a used device."

Mr Lingenfelter recommended introducing provisions for the decommissioning of personal devices to BYOD and mobile policies, to make sure everybody is aware of what their responsibilities are.

He noted that a BYOD policy is crucial for businesses, to protect both the firm and its customers.

"There needs to be something in the policy to say whether the company does or does not have rights to the data on the device. In this case I think you can spin it to the end user. It's not just corporate data you have to worry about, it's all your own personal information too."