What you need to know when you put your work email account on your iPhone
They can remote wipe your phone. Completely. With no warning.
We did a little experiment at work the other day. We remote-erased my iPhone. The process is very simple:
- the user (me) signed up to receive work emails on my (personal) phone. The standard protocol for this is called Microsoft Exchange. It’s secure, robust and very simple to manage in any size organisation. It’s different to IMAP (which is what gmail and hotmail use). You’ve probably already done this.
- an engineer logs into the Microsoft Exchange Server, finds your account, finds the relevant device and presses “remote erase.”
What happened next was astonishing. About 10 seconds after the engineer clicked the mouse button, my phone turned off. No warning. Then it restarted and it was factory reset. Completely erased.
It had carefully backed up my phone beforehand, so I didn’t panic. Yet.
When I restored, and the added the work email account, it erased again. I had to get the engineer to remove the device from the list on the Microsoft Exchange Server.
While this is a bit shocking, it’s actually a good thing. It means that if your phone gets lost or stolen, then your employer can protect their own interests. They don’t have to rely on you and “find my iphone.”
But, you’re right: it is a bit of a worry. There’s no Apple warning about it and I’ve never seen it in an employee email use agreement. People just don’t know about it.
Mrs Voisey read my post then asked a question:
Is it safe to put your work email on your personal phone?
Well, do you trust your employer? Some people don’t. If you don’t then you’re being pretty generous by using your personal phone.
If you do, then they probably trust you.
It’s really important that both partys are aware of this stuff.
In the same vein, should you put your work email on a smartphone without a passcode or similar method to lock the phone to stop accidental viewing of emails?
I think it’s pretty reasonable for organisations to develop policies in partnership with employees for these situations.
Thanks, Andy. I agree. It’s perfectly reasonable to insist on security standards on employee’s devices.