NR 512 Week 7 Discussion Activities: Safeguarding Health Information and Systems

My workplace would never allow for us to bring our own devices into the facility! I was quite surprised to find out that this was a thing!
Upon doing some research on this topic I found out some interesting facts. I found it interesting that BYOD encompasses more than just computers. It also means that employees may use smartphones, tablets, kindles, and more for their work. The concept of BYOD includes personal software and services, as employees use iCloud services and other tools on the web (Eschelbeck & Schwartzberg, 2017).

To begin, I will discuss the security issues that would be encountered. It’s risky to assume that prohibiting the use of personal devices solves the problem. I say this because the average employee ends up using their own device anyway because it is not monitored by work place security policies. But, regardless of what you think about BYOD and however workplaces choose to implement it, IT managers should treat it the same way as any introduction of innovative technology: with a controlled and predictable deployment of security (Eschelbeck & Schwartzberg, 2017).

When it comes to devices being introduced into the workplace, a few questions should be addressed.

1) Who owns this device?

Is this a trustworthy person? In the past, the company owned the devices, whereas in this case. the employee owns the device (Eschelbeck & Schwartzberg, 2017).

2) Who manages this device?

How is security going to be managed, if the employee is in charge (Eschelbeck & Schwartzberg, 2017)?

3) Who secures this device?

Accountability is not something that goes away for an employee just because they personally own the device (Eschelbeck & Schwartzberg, 2017).

All organizations have the flexibility to embrace BYOD as much as they feel reasonable. But, there are companies who have decided the risk is too great and choose not to implement a BYOD program (Eschelbeck & Schwartzberg, 2017).

In May 2012, a facility banned its 400,000 employees from using their own devices and their own applications because of the concerns about data security. The facility also banned cloud storage services such as Dropbox, as well as Siri. Since Siri listens to spoken requests and sends these requests to Apple’s servers where they are deciphered into text they found this could be a HIPAA violation along the line. They also banned Siri because she can create text messages and emails on voice command, but some of these messages could contain sensitive and private information (Eschelbeck & Schwartzberg, 2017).

Ultimately, the success of the BYOD program is measured by the employees’ willingness to use their personal devices within the rules set for them. The organization’s security procedures and policies should determine whether and how BYOD is utilized. If adopted into a company, BYOD users need to have the ability to enforce security policies on their device and protect their property if that device is ever lost or stolen (Eschelbeck & Schwartzberg, 2017).

A couple other security concerns include:

-Being able to register employee devices with the company for monitoring purposes (Matteucci, 2017).

-Implementing password protection, antivirus and back-up software for all devices (Matteucci, 2017).

-Preventing the use of public WiFi networks (Matteucci, 2017).

-Downloading company information on home computers (Matteucci, 2017).

-Cleaning/resetting the devices entirely when employees quit or are terminated (Matteucci, 2017).

References:

Eschelbeck, G., & Schwartzberg, D. (2017). BYOD Risks and Rewards: How to keep employee smartphones, laptops and tablets secure. SOPHOS, 2(10), 1-7.

Matteucci, G. (2017, April 21). The Pros and Cons of Bring-Your-Own-Device (BYOD) for Your Mobile Field Workforce – Field Force Friday. Retrieved April 09, 2018, from http://www.msidata.com/pros-and-cons-of-byod-in-mobile-field-workforce

If a device is required to complete the functions of your job should the organization be accountable to this cost? Defend your perspective.

I feel the employee should be compensated to some extent for being required to use their own personal device at work. Also, if an employee is required to use their own personal device are they in jeopardy of having their personal information contained on the phone made public to the employer? Basically, by using their personal phone at work and accepting compensation for it, have they given up their right to personal privacy? I guess it all depends on the agreements made with the employer and this agreement should be carefully consider by the employee. There is no doubt that employers will save time and money by allowing employees to use their own devices but is this best for the employee?

A recent article mentions that expense reimbursement for use of personal cell phones for work activities is required depending of which state one lives in (Lannon & Schreiber, 2018). This same article goes on to discuss a law in California that requires employers to pay at least part of an employee’s wireless voice and data plan if it is required at work (Lannon & Schreiber, 2018). After further research I found the actual California Labor Code 2802 (a) that basically states that the employer is responsible for all expenditures or losses incurred by the employee in direct consequences of discharging their duties (leginfo.legislature.ca.gov). This means employers need to seriously research this topic depending in which state they reside before they end up in trouble for non-compensation. While employees need to fully understand if their personal right to privacy can be breached by their employer.

Code Section. (2016, January 1). Retrieved April 10, 2018, from https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=LAB§ionNum=2802. Lannon, P. G., & Schreiber, P. M. (2018, March 30). BYOD Policies: What Employers Need to Know. Retrieved April 10, 2018, from https://www.shrm.org/hr-today/news/hr-magazine/pages/0216-byod-policies.aspx

Related posts: