'Look at my new gadget': phrase plagues IT managers

The number of employees returning from Christmas with new mobile devices has given IT managers across the UK a New Year headache they could have done without.

Many of the mobile phones, laptops, PDAs and MP3 players unwrapped around the Christmas tree will inevitably find their way into workplaces, connecting with the network and synching with their desktop.

And it appears more than a few employees doing so will require help from their IT department. According to independent research conducted on behalf of O2 only one in four companies have a formal policy in place to control the use of mobile devices in the workplace and IT managers are losing one working day per year to supporting personal devices.

Unsurprisingly the majority of IT managers (79 per cent) believe mobile device support disrupts the regular and intended services of the IT department and yet almost the same number (76 per cent) say they have no formal policy in place.

PDAs are the most common personal device to enter the workplace - affecting 79 per cent of businesses. iPods have been cropping up in increasing numbers and are now actively used in 29 per cent of businesses. Personal smart phones are used in 35 per cent of organisations and eight per cent of businesses have even seen staff provide their own Blackberry devices.

Such figures likely only indicate what the IT manager knows about - many mobile devices within an organisation exist below the radar.

Most companies agree that greater mobility and the freedom created by the current range of devices is a boon to staff and the business itself, but these findings reveal the need for the process to be managed effectively.

Hugh Griffiths head of data products and services at O2, said companies need to recognise that their staff are now 'voting with their gadgets' and rather than resist they must enable the move to mobile more responsibly.

"We hope IT departments recognise this obvious pent-up demand for mobile devices from users and better manage the issue of mobility within their organisation," said Griffiths.

By adopting a 'turn a blind eye' approach to managing such devices companies "are not exploiting the full potential of mobile devices, which ultimately can help people do their jobs more effectively", he added.

But even those companies with policies in place are only really scratching the surface. Only 25 per cent of policies actually stipulate that users cannot carry sensitive date on their personal laptops.

Mobile devices, boasting ever-larger storage capacities, have long been identified as a security threat through both intentional and unintentional misuse. While nobody would necessarily question an individual who enters and leaves the workplace each day listening to an iPod the potential is now there for that person to be moving 60GB of data each day.

Similarly an employee's lost laptop or PDA, used at their own risk, may not cost the company anything to replace but if it contained sensitive data the cost to the business could still be considerable.

Peter Dorrington, head of fraud solutions at SAS, told silicon.com: "There is definitely a major threat of 'data harvesting' with these devices. Back in the day a rogue salesman might have printed off a few pages of contacts, or might have filled a floppy disk with data, but the issue now is the sheer volume of data which these devices are able to contain."

"You can now fit a whole company database onto a device the size of your finger," he added.

Dorrington cited the cases of some banks which now require employees to check all personal mobile devices in with reception, but warned that a workforce poorly informed on why such measures are necessary may resent them and see it as 'killjoy-ism'. Similarly such measures may not limit the activities of those with a malicious intent.

Asset management must also play a part, said Dorrington. Typically larger companies have a better idea of what is on their network and what devices are being used because they employ more effective asset management. As such the threat of "data harvesting disproportionately affects small and medium-sized companies", added Dorrington.

Dorrington warned that any policy making is inherently flawed, because it relies on individuals to play by the rules. "We cannot simply rely on people to act responsibly," he said, advising companies to "divorce the data and the business" and take whatever measures they can to remove temptation.