It's vacation season, yet more than half of U.S. employees take work with them when on vacation. And most professional users take work home regularly even when they're not on vacation. Forget the notion of a 40-hour or 50-hour work week or two or three weeks of vacation — for many employees, there is no time off work any longer.
That's galling enough. More galling is advice from consultancies like Globalscape who try to scare companies into buying their services because, as security vendors' surveys (shockingly) show, nearly two thirds of employees take work data out of the office (according to Symantec), 26 percent would not report a possible breach right away (according to Aruba Networks), and 20 percent of lost information comes from accidents made by these employees (according to Symantec).
Well, gee, if employees weren't essentially forced to work outside the office, they wouldn't need to bring that data with them, now would they? And if you think about it, the fact that three-quarters of employees quickly report possible data loss is a good thing, and I bet most of the other 26 percent are trying to find it first. And the 20 percent figure on accidental loss speaks an even larger truth: All this fearmongering over BYOD is over a small percentage of data loss — how about addressing the intentional theft that acounts for the other 80 percent, where the damage is likely larger because it is in fact intentional?
I have a simple recommendation for any company truly afraid that employees working outside the office on their own time pose a security danger: Don't let them. Disable all their accounts when they're on vacation or off duty. Lock their company laptops if they have them except when they're at the office. Disallow the use of smartphones and tablets at or for work. For people who must work on the road, provide Chromebooks so all data remains in the data center.
Let's go back to the 1950s, when these threats didn't exist and we had armies of secretaries to guard hallway file cabinets and document storage rooms.
No? You don't want employees following labor code and working 40 hours a week with true holiday and vacation time off?
Then shut up about all this BYOD fearmongering. Put in basic monitoring and access control. Educate employees. Limit or remove access from those who mistreat data. And make your security vendors offer real data protection solutions, not the failed software and appliances that keep not working — and stop buying the stuff that isn't working.
If businesses choose to commingle personal and work, they need to accept that they lose control — how much loss of control depends on how much they expect employees to do outside the office and outside work hours. It's a business decision as to how far to go along that route. It is not employees' fault, and it's time to stop blaming employees who already have lost much of their hard-earned time off.
Leave the work at the office and enjoy your vacation — for real.
Sign up for Computerworld eNewsletters.