Personal Use of Enterprise Related Mobile Devices

The use of mobile devices has proliferated in organizations, with some of them being owned by the enterprise and others owned by the individual employees. Either way, many of them are being used for personal purposes in addition to enterprise work. This is a matter of concern to organizations, partly because of the time that can be consumed through such activities on the job and partly because of the increased risk that such activities pose for increased phishing attacks on the organization, which carries the risk of loss of sensitive data.

A recent ISACA survey - 2010 Shopping on the Job - showed that 26% of companies surveyed in Canada believe that employees will use their work-related mobile devices for shopping to the tune of 1 - 2 hours during the coming Christmas season. The cost of this in lost time is perhaps $1500 - $2000, according to the survey.

A majority of companies have a policy with regard to personal use of such devices, but very few prohibit it. Probably a recognition of the unforceability of such a rule.

Mobile devices are common now, and growing in their use. Every company should at least have in its risk assessment a consideration of the risks related to mobile devices and specifically, personal use of them. Then appropriate policies can be developed. The results of the ISACA survey and the related white papers can be downloaded from the ISACA site.