Help My employer IT grinds my gears

[Robhimself]

So I took a job with this company a little over a year ago that is much less responsibility and more pay plus I get to work from home and hang out with my giant dog. They pay my Internet and part of my cell phone and things are awesome.... Until last night.

My phone suddenly wanted me to create a password for exchange and I was like WTF?! I did it thinking that work was doing something lame and then I realized it wasn't just for my mail I needed a password to unlock the phone to do anything. Apparently IT department is starting new security that will make this necessary for everyone without regard for people that are on the move a lot. I never got an email that they were doing this and when I asked about it they immediately changed the policy but said it was going into effect next month.

I used to be a system admin at my last job which was in a HIPA compliant IT office. I had to sign my life away so I couldn't talk about patient information but they would never in a million years think about doing this. My current job really doesn't have secure information other than in our software which cannot be emailed anyway.

I guess what I am getting at is if any of you guys are in charge of your IT/telecom people do not institute this policy on your employees, especially when they are using their own phone.

PS once you turn on the password is there any way to turn it off?

 

[ctc]

Sorry dude, if you want to access the company systems on your phone you gotta follow their policies.

 

[jskolm85]

Sorry dude, if you want to access the company systems on your phone you gotta follow their policies.

agreed

 

[Terabethia]

Okay, I am so confused...

Do you mean that you will now have to use a password to unlock your company related features? Such as the mail?

Or do you mean that you have to use a password to unlock anything and everything on the phone, including your apps and stuff? Cause I don't see how they can do that (as in, technically speaking... as that would require installing software on the phone remotely and being able to monitor it so you don't turn it off, which I don't think is possible).

If it's the former, that makes total sense and every company I have worked for (or have friends work for) does this! It's so that people can't pick up your phone and start messing with your company data. Or worse yet, you lose your phone and now someone has access to all that stuff.

Frankly, it's VERY smart of them to do that and I am surprised that it wasn't already in place. But good for them for finally putting it in.

I don't really see the problem... it's an extra 2 seconds to unlock and ensures that your companies information stays safe.

 

[Dmtalon]

Pretty sure the Exchange Policy's will make it so he has to have a password to unlock the phone at all. Thus protecting any company information. (calendar/mail/contacts)

 

[Robhimself]

It requires me to enter a password to do anything on my phone not just access mail. I agree its their policy but locking the mail is one thing locking my ability to make a call is another. Hopefully they don't go ahead with it but if they do I am just going to let them buy me a phone and I'll carry 2. Sadly their company phone is an iphone or a blackjack.... UGH yuck

 

[ctc]

It is the same with my company blackberry. Their policy requires an unlock PW.

 

[Terabethia]

Pretty sure the Exchange Policy's will make it so he has to have a password to unlock the phone at all. Thus protecting any company information. (calendar/mail/contacts)

Yes, I understand that. I was wondering if he had to simply unlock the phone or if he had to also unlock each and every program separately.

I really don't see the problem, TBH. Like I said, I am surprised that they didn't have this already. While it's the "OP's Phone"... the company is helping to pay for it. And they are allowing their programs to be accessed remotely on that phone. They have to protect themselves and their company data.

If you don't want to deal with this on "your" phone, then I can only suggest that you add another line to your plan and get another phone for work purposes only.

But maybe the OP is just having a bad day and this seems like a bigger problem that it really is

 

[Deleted User]

If you're going to store internal company information (e.g. email/contacts/calendar) you are beholden to the internal company IT policies.

I've worked in IT my whole life and I would be pissed if someone lost their phone full of internal emails and had no password on it. Security policies are there because people can't be trusted to know what is secure and what's not.

Any exchange server I've administered has had security policies in place to protect the corporate data. Devices that did not support the security profiles were not allowed to connect.

Just because it's not government mandated compliance (HIPAA) doesn't mean it's not important... and maybe it's me but I really can't see the hassle of owning/carrying/charging two phones to be easier than hitting 4 digits to unlock.

 

[mcapozzi]

NOTE: THE FOLLOWING ADVICE COULD GET YOU FIRED!!!

Lockpicker (available through the market) will circumvent your company's mobile device security policy and disable the mandatory PIN lock. The only way they'll know you did it is if they take possession of your phone.

-Mike

 

[JaredRS]

I used to be a system admin at my last job which was in a HIPA compliant IT office. I had to sign my life away so I couldn't talk about patient information but they would never in a million years think about doing this.

Want to bet? I work in hospital IT. In order to be HIPAA compliant, this is a requirement now. Doesnt matter if its a personal device or a company device, if it stores company email it must be password protected (it has to store on the phone.. not access via webmail), and they must be able to remotely wipe the device if it is lost.

 

[A.Nonymous]

I'm a sysadmin and I support a password policy. To clarify what the OP is saying, the password lock doesn't require you to enter a password every single time you try to run a program. It simply locks the phone after a predetermined time. It's the same thing you have the option of setting yourself inside the phone if you wish. The OP is just frustrated that every time his phone locks he has to put in a password. While I can relate to that, you have to realize that you do have proprietary data on your phone in terms of contacts, e-mails, calendar appointments, etc......

If I'm a company, I don't want my entire customer list to fall into the hands of someone who may not have my best interests in mind. So I'm going to enforce a security policy on every client of mine I can convince to go for it. It makes too much sense not to. If you don't want to have to unlock your phone, then you have the option to not get company e-mail on your phone.

 

[BringinTheHeat]

So I took a job with this company a little over a year ago that is much less responsibility and more pay plus I get to work from home and hang out with my giant dog. They pay my Internet and part of my cell phone and things are awesome.... Until last night.

My phone suddenly wanted me to create a password for exchange and I was like WTF?! I did it thinking that work was doing something lame and then I realized it wasn't just for my mail I needed a password to unlock the phone to do anything. Apparently IT department is starting new security that will make this necessary for everyone without regard for people that are on the move a lot. I never got an email that they were doing this and when I asked about it they immediately changed the policy but said it was going into effect next month.

I used to be a system admin at my last job which was in a HIPA compliant IT office. I had to sign my life away so I couldn't talk about patient information but they would never in a million years think about doing this. My current job really doesn't have secure information other than in our software which cannot be emailed anyway.

I guess what I am getting at is if any of you guys are in charge of your IT/telecom people do not institute this policy on your employees, especially when they are using their own phone.

PS once you turn on the password is there any way to turn it off?

No way to turn it off except at the Exchange Server.

Also, your old office wasn't HIPAA compliant if they didn't require you to have a password. Simple as that. Just be thankful that your employer still allows you all the control over the rest of your phone and allows you to use an Android device. A lot of my customers will only allow their employees to have access to a BES server...Wackberry only.

Be very thankful...it could be a lot worse.

 

[Robhimself]

No way to turn it off except at the Exchange Server.

Also, your old office wasn't HIPAA compliant if they didn't require you to have a password. Simple as that. Just be thankful that your employer still allows you all the control over the rest of your phone and allows you to use an Android device. A lot of my customers will only allow their employees to have access to a BES server...Wackberry only.

Be very thankful...it could be a lot worse.

Definitely was a HIPAA compliant shop. We had BES so we ould wipe what we needed to also could change the PW if it got lost. What I meant was can I turn off the local password on my phone once it is entered. I didnt really see a way to do it but I didnt try deleting the exchange account from my phone.

I guess my deal is when im on the road. I havent tried my hands free yet but if i cant dial a client I really dont want to be one of those people typing while driving. Not a huge deal but I guess they just got on my nerves cause it came out of nowhere, no email, no call, no memo. Its their network and their info I guess moving to a much lower position than I was used to I just see what I would do differently.

Yes sort of having a bad day because verizon cant follow instructions and install a dmarc where we requested even though the guy who was on site insisted they were putting it in the wrong place. LOL! If this is the most stress I have all week I'll take it.

I just hope next time they roll this out I am told about it not flipping out because my phone was going to erase my data in 4 mor tries and me being like WTF?

 

[Bundy]

Doesn't "much less responsibility and more pay plus I get to work from home and hang out with my giant dog" trump having to type in a password on a phone?

 

[rcicu]

NOTE: THE FOLLOWING ADVICE COULD GET YOU FIRED!!!

Lockpicker (available through the market) will circumvent your company's mobile device security policy and disable the mandatory PIN lock. The only way they'll know you did it is if they take possession of your phone.

-Mike

I use this App and it works great!

If you are concerned about security and want the pattern lock remove the exchange account, verify that you nolonger need a password, create the pattern lock, add the exchange account, and install lockpicker

I believe that your employer still has right to wipe your device as a security measure...

Good Luck!

 

[benson304]

Company policy for me too, the largest public accounting firm in the world.

Seems like a pretty normal thing to request, they don't want someone just coming along and picking up your phone and having easy access to your exchange server, which has the emails of the entire company on it.

 

[callmeox]

Life lesson:

Company owned devices are for work information, personal devices are for personal information. If they want you to have access to your company email on the road, they should provide the device.

Never EVER allow your employer to access your personal device.

Ever.

 

[jamor]

Imagine what they could do in terms of looking into your personal information?

Anyways, a solution is to get a secondary phone/line that you just use for your company e-mail.

With that kind of access to your phone, they could probably look anything you've done on company time and fire you if they want. What if they bricked your phone for false reasons or looked up your call, text history.

I would have a secondary phone in a heartbeat for personal use.

Not doing so gives them lots of leverage and power over you. Don't let them have that power.

 

[& droid]

Lurked around for months but first post I had to chime in on.
I set this up for myself not just because of the work information stored but if my phone was ever stolen or lost I would not want anyone to have access to anything on my phone. Just think about how much someone would know about you digging around in it. Scary.

Even the girls I date that want to use my phone I will unlock it and dial the number for them. I'm not that shady but it's my own s*** on there.(different topic on it's own)

Its bad enough the premissions that some apps use. Which is why I don't use some of them.
I am lucky that my employer is owned by my dad and don't worry to much about them accessing anything.

 

[jamor]

Life lesson:

Company owned devices are for work information, personal devices are for personal information. If they want you to have access to your company email on the road, they should provide the device.

Never EVER allow your employer to access your personal device.

Ever.

Agreed - along the lines of what I was saying.

 

[Android&Dom]

So I took a job with this company a little over a year ago that is much less responsibility and more pay plus I get to work from home and hang out with my giant dog. They pay my Internet and part of my cell phone and things are awesome.... Until last night.

My phone suddenly wanted me to create a password for exchange and I was like WTF?! I did it thinking that work was doing something lame and then I realized it wasn't just for my mail I needed a password to unlock the phone to do anything. Apparently IT department is starting new security that will make this necessary for everyone without regard for people that are on the move a lot. I never got an email that they were doing this and when I asked about it they immediately changed the policy but said it was going into effect next month.

I used to be a system admin at my last job which was in a HIPA compliant IT office. I had to sign my life away so I couldn't talk about patient information but they would never in a million years think about doing this. My current job really doesn't have secure information other than in our software which cannot be emailed anyway.

I guess what I am getting at is if any of you guys are in charge of your IT/telecom people do not institute this policy on your employees, especially when they are using their own phone.

PS once you turn on the password is there any way to turn it off?

I had the same problem...download an app called lockpicker..it'll solve all your problems

 

[slackfumasta]

Imagine what they could do in terms of looking into your personal information?

Anyways, a solution is to get a secondary phone/line that you just use for your company e-mail.

With that kind of access to your phone, they could probably look anything you've done on company time and fire you if they want. What if they bricked your phone for false reasons or looked up your call, text history.

I would have a secondary phone in a heartbeat for personal use.

Not doing so gives them lots of leverage and power over you. Don't let them have that power.

No, they can't, at least not on a non-blackberry phone.

What they can do is require that your device has it's PIN lock feature turned on in order for you to access company mail. They cannot read your phone.

However, they can initiate a remote wipe of your phone if it is tied in to their Exchange server. Since we are talking about Android phones, I'm sure there are apps that can be used to prevent this feature from actually happening on your phone, just like the one that will bypass the PIN requirement. Of course if they ever found out, they'd likely not allow your device to access mail anymore, and may even try to wipe it (or tell you to so you don't get fired).

Incidentally, at my current job I set up the Exchange environment before I moved to a different department, and I made sure that my account was listed as an exception to these security requirements

 

[kyler13]

Life lesson:

Company owned devices are for work information, personal devices are for personal information. If they want you to have access to your company email on the road, they should provide the device.

Never EVER allow your employer to access your personal device.

Ever.

This. Period.

 

[jamor]

No, they can't, at least not on a non-blackberry phone.

What they can do is require that your device has it's PIN lock feature turned on in order for you to access company mail. They cannot read your phone.

However, they can initiate a remote wipe of your phone if it is tied in to their Exchange server. Since we are talking about Android phones, I'm sure there are apps that can be used to prevent this feature from actually happening on your phone, just like the one that will bypass the PIN requirement. Of course if they ever found out, they'd likely not allow your device to access mail anymore, and may even try to wipe it (or tell you to so you don't get fired).

Incidentally, at my current job I set up the Exchange environment before I moved to a different department, and I made sure that my account was listed as an exception to these security requirements

Ah! Good to know. I was gonna say.. if they did have access to all of your personal information it would seem like an invasion of privacy.