Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I mentioned above that our company disallowed the use of personal devices for work but it didn't used to be that way. One day an employee sent out an email that inadvertently contained highly classified information in the text he wrote. All recipients of that email had every device they used that they received email on "cleaned", including personal devices. Objection was not an option. That was classified data, but the same could happen with sensitive proprietary data. Thus ended the use of personal devices. (This was a very large company)
The OP should take heed to your post as it is a sage warning.
 
  • Like
Reactions: digitalexplr
Even with using my personal Apple ID? How would they have any control over anything on the iPad or the iPad hardware? Worst they could do is deactivate the SIM assigned to me, right?
To be honest my concern was not in that sense but mostly security when it comes to your company and how it would affect you and what would be the consequences for you if there is security breach because of you.

The thing is that very little piece of data could be exploited. For example at a security training I heard a story about a guy that used his company laptop to sometimes chat via Facebook. He was chatting with this woman for like 6 months and they reached a point where they exchanged pictures. Problem is she was trying to hack him. She was socially engineering him and targeting him for 6 months, the moment she sent the picture she also infected his computer with malware.

This is how things are done. So my concern mostly is if someone achieves access to that SIM what they could do after that, how they can related it to your company and what they could afterwards.
 
Even with using my personal Apple ID? How would they have any control over anything on the iPad or the iPad hardware? Worst they could do is deactivate the SIM assigned to me, right?
Depends. If you use their SIM to download content that goes against some corporate policy, you could be facing other disciplinary actions. They wouldn't control your hardware, but since they are paying for the data that gets to your device, they usually have T&Cs that you acknowledge in some way, to mitigate the company's risk, should you use the data plan for some nefarious purpose.
 
Agree with @BeatCrazy . You should not use your company's SIM. If anything your personal device should be enrolled in your company's "Bring Your Own Device" (BYOD) program (assuming they have one). For example, we employ Microsoft Intune to enroll devices (it's self-service), push our security certificate for settings & management functionality. We also have users sign a BYOD document outlining what we can and cannot do (e.g. we will wipe the device should the user report it stolen, wipe our data should the user depart the company, etc.).
 
  • Like
Reactions: BeatCrazy
Agree with @BeatCrazy . You should not use your company's SIM. If anything your personal device should be enrolled in your company's "Bring Your Own Device" (BYOD) program (assuming they have one). For example, we employ Microsoft Intune to enroll devices (it's self-service), push our security certificate for settings & management functionality. We also have users sign a BYOD document outlining what we can and cannot do (e.g. we will wipe the device should the user report it stolen, wipe our data should the user depart the company, etc.).

Yeah I forgot about that piece. Depending on the device management platform the company uses, they can absolutely have power to wipe your device. It's part of the terms of service you'd agree to, in order to use the device to receive company email/VPN, etc.
 
In summary... the OP should ask his employer.

Reminds me of the old children's ploy: Dad can I...? Ask your mother! ... Mom, Dad said it was Ok! :cool:

... but bluespark said I could on MacRumors!

Thanks for the summary. A lot of talk for someone who could have just asked at work.
 
  • Like
Reactions: BigMcGuire
Yeah, data usage numbers at the least.
That's what I figured as well, and I thought it possible that even more information might be shared. I'm glad there were a couple of posts in this thread (including yours) that addressed that issue. Some interpreted my curiosity on that issue as somehow trying to excuse non-compliant behavior.
 
That's what I figured as well, and I thought it possible that even more information might be shared. I'm glad there were a couple of posts in this thread (including yours) that addressed that issue. Some interpreted my curiosity on that issue as somehow trying to excuse non-compliant behavior.
Yeah, there's the question about whether your employer allows such usage and another question about hat data they can gather or at least have access to. Like logging on to our work system, a banner would come up saying that all activity can be monitored. Though retired, I was once a technical manager and would assume that the company has no boundaries and would not give them an opening into my personal world.

I remember an IT guy asking a woman if she was looking to move - he saw in logs that she was perusing real estate sites on her work machine at lunch time. Beyond creepy but he had access to all that data.
 
  • Like
Reactions: TPadden
Depends. If you use their SIM to download content that goes against some corporate policy, you could be facing other disciplinary actions. They wouldn't control your hardware, but since they are paying for the data that gets to your device, they usually have T&Cs that you acknowledge in some way, to mitigate the company's risk, should you use the data plan for some nefarious purpose.
Of course there is always VPN not company based
 
Of course there is always VPN not company based

Discussion is kind of dead since the OP obtained company permission. With or without permission a VPN will not necessarily protect you from employment termination or even legal proceedings when using employer equipment outside of employment policy.

My (southern California) city provided city employees phones and laptops and policy allowed personal use. It only took one "sexting"/ email sexual harassment law suit with multiple defendants (including the city) and plaintiffs against the city to require all employees allow "voluntary" city legal department access to employee email and texting while using city equipment when requested or face immediate termination for violating HR policy. Employees quickly found out: you can't fight city hall.

Tom
 
Last edited:
Discussion is kind of dead since the OP obtained company permission. With or without permission a VPN will not necessarily protect you from employment termination or even legal proceedings when using employer equipment outside of employment policy.

My (southern California) city provided city employees phones and laptops and policy allowed personal use. It only took one "sexting"/ email sexual harassment law suit with multiple defendants (including the city) and plaintiffs against the city to require all employees allow "voluntary" city legal department access to employee email and texting while using city equipment when requested or face immediate termination for violating HR policy. Employees quickly found out: you can't fight city hall.

Tom
All true but I was just Pointing out that if you’re using private vpn the company can’t see what you’re doing
 
All true but I was just Pointing out that if you’re using private vpn the company can’t see what you’re doing
... and my point is the company can still say: show us what you did or you're fired and you may face legal proceedings.
 
... and my point is the company can still say: show us what you did or you're fired and you may face legal proceedings.
Ok whatever, just was pointing out a small fact, didn’t want to get into ethical debate
 
Ok whatever, just was pointing out a small fact, didn’t want to get into ethical debate
It's not an ethical debate: you can do nothing wrong, be completely ethical, but you still give up personal privacy when you mix personal with business. :)
 
  • Like
Reactions: digitalexplr
My wife works for AT&T. She never uses her COU (company owned unit) at home or for personal use. She has the iPhone 12. From my understanding AT&T does not like the COU's used for/as personal devices. I would also bet IT would find out rather quickly it was being used. I know at one time my wife said they monitor the company devices.
 
It's not an ethical debate: you can do nothing wrong, be completely ethical, but you still give up personal privacy when you mix personal with business. :)
Which brings me back to my original comment, thank GOD for vpn
 
  • Haha
Reactions: TPadden
I guess we're locked into treating this as a question about rules and policy rather than as a technical question. Too bad.

Let's address the "technical" for a bit, since the moral has been well covered.

In all likelihood, the employer doesn't "own" the SIM. The SIM is probably the physical property of the cellular provider. The employer is paying the cellular provider for service, the SIM is the "equipment" provided to the employer for accessing that service. The service plan is what the employer has the right to control.

The cellular provider will know what IMEI is associated with the SIM. The employer might ask for that information if they felt the need to confirm that they were paying for service on company-sanctioned devices (concerns about stolen SIMs). (Company-sanctioned devices would be either company-owned or employee-owned bring-your-own devices that have been registered with the employer.) I wouldn't know whether the cellular provider is allowed to supply that information to the subscriber (employer). The cellular provider might even offer device management as a service to their business customers. All of this may vary from country to country.

The prudent thing for the employer to do from a financial perspective is to cancel service on devices that cannot be identified as legitimate. How many employers actually do this, I have no idea.

As to whether a cellular provider or their customer can determine who is in possession of that "incorrect" IMEI/using that SIM without authorization? That would be very challenging - something likely requiring a police investigation. Chances are, an employer would simply pull the plug to end further theft, rather than try to identify the thief.

Is a business in a position to demand access to the data that travels over the cellular channel they pay for? Not to my knowledge. Well, if the data passes through the employer's VPN they would have the right and ability, but for data traveling over a public communications network, no way.
 
The cellular provider will know what IMEI is associated with the SIM. The employer might ask for that information if they felt the need to confirm that they were paying for service on company-sanctioned devices (concerns about stolen SIMs). (Company-sanctioned devices would be either company-owned or employee-owned bring-your-own devices that have been registered with the employer.) I wouldn't know whether the cellular provider is allowed to supply that information to the subscriber (employer). The cellular provider might even offer device management as a service to their business customers. All of this may vary from country to country.

I don’t have AT&T but on Verizon one does not need to ask them for IMEI information - it’s readily available within the device information summaries when logging in as an account manager on Verizon’s site, so if someone in IT is auditing usage and sees something suspicious they can investigate themselves quite easily I would think.

To me, if OP is going to do it - understand that there are metrics that can be monitored (data usage) and there is a means to confirm if a device is the one that the account owner expects it to be using the SIM.
 
  • Like
Reactions: bluespark
I mentioned above that our company disallowed the use of personal devices for work but it didn't used to be that way. One day an employee sent out an email that inadvertently contained highly classified information in the text he wrote. All recipients of that email had every device they used that they received email on "cleaned", including personal devices. Objection was not an option. That was classified data, but the same could happen with sensitive proprietary data. Thus ended the use of personal devices. (This was a very large company)
Objection was not an option? What would they do to someone who objected, throw them in the company prison? I suppose they could threaten to fire someone, but here in the US, I feel like that in itself would pose potential legal issues for the company.

I'll be damned if I ever let anyone, an employer or otherwise, "clean" a personal device of mine because I inadvertently received classified information, through no fault of my own. The only exception would be if they had a search warrant, which, somehow, legally authorized them to do so.
 
Objection was not an option? What would they do to someone who objected, throw them in the company prison? I suppose they could threaten to fire someone, but here in the US, I feel like that in itself would pose potential legal issues for the company.

I'll be damned if I ever let anyone, an employer or otherwise, "clean" a personal device of mine because I inadvertently received classified information, through no fault of my own. The only exception would be if they had a search warrant, which, somehow, legally authorized them to do so.

Prison? Not the company's but someone else's. You could deal with the company or the FBI and "other agencies" - our world was pretty clear-cut and something we signed up to (literally).
 
  • Wow
Reactions: mackcat
I suppose they could threaten to fire someone, but here in the US, I feel like that in itself would pose potential legal issues for the company.

Nope. If you work for a company that deals with PII and/or HIPAA information and something like that happens you certainly can be fired and even face legal charges.
 
  • Like
Reactions: mackcat
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.