[Anonymous]

And did you know your employer can track you outside of work and certain details about your phone usage if you do?

[Anonymous]

“However, if you use your own device and plug it in, that doesn't give them permission to install malicious software on it. Also, that isn't easy to do. They would have to ask permission or hack your phone and I don't see that happening with any company.”

I'm not so sure about that. It is actually fairly easy to do. If you are familiar with affiliate marketing, the way it works is by using “cookies” and something called a “pixel” to track web browsing behavior. An employer can have a “pixel” on their company's website to track visitor's browsing habits. So something as simple as that can leave your browsing habits vulnerable to access.

I understand the difference between personal devices and work devices. But the truth of the matter is it is a grey area within the law and employer's hire and pay IT professionals a good amount of money to protect their company's assets and data.

Also, by contract, most IT professionals probably aren't allowed to disclose whether or not their employer is snooping on employees due to confidentiality policies…just as accountants cannot disclose the nature of the CPA exam and other confidential matters in the workplace.

We live in a time where the largest and most trusted organizations who promise data security and integrity (Sony, Equifax, HBO, Google, and the list goes on…) have failed at preventing hacks. Things are just not as black and white as “it's illegal to snoop on an employee's personal device”…nor would it be easy to prove.

[Skynet]

Yes, i plugged into the work computer only to have Jeff Elliot show up in a Black Trench coat and asked me whether i wanted to take the Red or Blue pill. He told me if i took the Blue pill i will wake up like nothing happened but if i take the Red pill i will stay in the Prometric test center and he will show me how deep the rabbit hole goes there. True story!

[Hank Scorpio]

Most IT people that work for companies aren't that smart. Installing a cookie on your device is a lot different than installing malicious software to track your every move and key log. It just isn't happening. That is why the writer was advising to bring your own device. Companies can and most often do put tracking and remote access software on devices that they own. It isn't that hard to find malicious software on your device to see if someone is spying on you if you know what you are looking for.

FAR - 10/3/16
BEC - 69 - 10/31/16
AUD - November 2016
REG - December 2016

[Missy]

From what I understand most companies have an IT policy that states something to the effect of “external devices may not be plugged into company owned hardware and no third party software can be downloaded without permission of the IT department”

Which covers the employer because you'd be very hard pressed to go to court and say you violated company policy by plugging in your personal phone and don't like the consequences of having done so. All the company has to say is that they were clear this is prohibited, and if you went ahead and charged your personal phone on their computer hardware you assumed all risk.

Licensed Massachusetts Non Reporting CPA since 2012
Finance/Admin/HR Manager

[Wannafree]

It varies from office to office.Large organization like (Giants JP Morgan or Citi Bank ) are more concerned with safety of their network and computers than your phone contents.They sanitized their laptop in manner that you can't do much .No admin rights so can't install itune on laptop.If you connect ,it's for charging and that's nobody cares.
Some office provide wifi access for phone or laptop . System admin has logs and settings for security and safety.So if any site trying to penetrate or download virus on even on your phone , you will get message.Again goal is safety of network.
Some manager's request for access logs of www and system admins provide that.Some organization gives it regularly to managers.Some managers call the concerned employees and warn them.
Porn sites are big red alert and if someone access it even on their phone using office wifi ,alert logs are sent to managers.Now it's up to manager's what to do with the logs.In case of porn even someone is watching pre recorded clips in his phone and someone caught him and reports to managers ,most likely would lose job.
I have never come across a situation where manager ever asked for contents of someone's phone ( privacy issue ).
I work in IT and if some manager's asked me to send him or her the access logs of someone I know someone is in trouble.Once I had got a request for access logs of one employee ,I checked the log and knew he would lose job ,I sent that log to him and warned him .He got scared and called me ,explained me that he had clicked a link on some magazines and it took him there.I purged the logs and given summarized logs (after that eventful date) to manager.one job saved. LOL
General rule of thumb : If you are using too much your phone for surfing , don't use WIFi of office , buy your own data plan and don't watch adult contents ever in office.If accidently you reached there ,comeback to main site so that if latter manager ask you ,you can justify and log of few seconds will vouch that.

[Anonymous]

Yea, from what I understand if you plug your phone in even just to charge or connect to the company WiFi, IT will be able to see more about your device than just access logs…

I get the impression that if they are using high quality security software (which many employers do, including small accounting firms that require confidentiality) then you are exposing content/data and putting yourself at risk more than you think.

You can look at any data security software website online (for example Barracuda is fairly well known) and get an idea of what type of products and services are out there.

[Anonymous]

I would even be concerned with receiving emails from employers on your personal computer/devices. From my understanding, simple files such as image attachments and PDFs can contain pixels and tracking devices.

I've done myself a favor and created separate users on all my devices for Work and Personal, etc. That way none of my information can get comingled and mitigates any risk of my personal information/data/content from being tracked, accessed, or exposed. This is in addition to updating all my browser and email security settings (two-step verification, disabled cookies, cleared history, disabled location services, etc.) and in addition to anti-virus software and a password management system.

These pixels can tell things such as browsing history, system information, how many times files/emails are accessed, etc.

If you have a Samsung device, they have an app made especially for this that is called “My Knox”. It is free to use and basically creates a separate encrypted drive on your phone for work/business related use and is completely separate from your personal storage. You can basically turn your phone into a personal and work device and switch between the drives seamlessly.

That way I can check my work emails (even interview invitation emails and welcome/new hire packages, etc. that might be bugged for example) in the encrypted work environment without being concerned about my personal browsing habits and data being exposed.

[Anonymous]

Here is a good article on email attachments as I mentioned earlier how even PDF files and simple image files can contain malware.

https://www.makeuseof.com/tag/spot-dangerous-email-attachment/

“Office files with macros are also potentially dangerous. If an Office document extension ends with an m, it can — and probably does — contain macros. For example, .docx, .xlsx, and .pptx should be safe, while .docm, .xlsm, and .pptm can contain macros and can be harmful. Of course, some businesses use macro-enabled documents. You’ll have to exercise your own judgment.”

I am just putting this information out there for anyone interested. You are generally always told that if you have anti-virus software and aren't clicking/downloading anything suspicious then you should be safe from malware. However, as accountants, I think it's important to be more familiar with the reality of the potential for hackers and cybersecurity.

[Author]

Replies