If a person is fired from an organization, you want to restrict their access to information as quickly as possible. Locking them out of their work computer and email is straightforward: it is a matter of disabling their logon account. If you control their work computer, you can quickly control their access to sensitive material. If they have a company-issued laptop computer, you’ll have a procedure in place to get them to hand it over immediately.
Things are more complicated in BYOD scenarios. A big fear in many sales departments is the idea of a salesperson wandering off with the contacts database. If the salesperson is using their own computer all the time, the question arises:
“What right does an organization have to purge data from a person’s personal computer that they use for work?”
This is something that you probably want to get locked and stowed before you introduce BYOD into your organization. Come up with a policy for how to deal with the user who gets fired but also has a substantial amount of sensitive company information stored on their personal computer.
It isn’t as though these issues haven’t existed in the past. Many people have a home computer that they might work from by using a VPN to connect to the office, and telecommuting has its own set of challenges in terms of securing sensitive data.
The main difference is that a BYOD computer that is used every day at the office for work purposes over the course of months or years is going to have substantially more sensitive organizational data stored on it than a computer used for an occasional telecommute.
So what do you do when someone who has been working on their own device at the workplace for the last few years is let go? Let them wander off without some type of audit to determine what organizational data is on their machine? Or, in allowing a BYOD policy, is an organization assuming that it is impossible to control the movement of sensitive data outside the organization, and not bothering to try to stem an unstoppable flood?