The OP should take heed to your post as it is a sage warning.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iPad Using employer’s SIM in personal iPad?
- Thread starter jonjames505
- Start date
-
- Tags
- cellular data ipad
- Sort by reaction score
To be honest my concern was not in that sense but mostly security when it comes to your company and how it would affect you and what would be the consequences for you if there is security breach because of you.
The thing is that very little piece of data could be exploited. For example at a security training I heard a story about a guy that used his company laptop to sometimes chat via Facebook. He was chatting with this woman for like 6 months and they reached a point where they exchanged pictures. Problem is she was trying to hack him. She was socially engineering him and targeting him for 6 months, the moment she sent the picture she also infected his computer with malware.
This is how things are done. So my concern mostly is if someone achieves access to that SIM what they could do after that, how they can related it to your company and what they could afterwards.
Yeah, any time you are using employer electronics, you are open to their monitoring. Best to keep them separate.
Depends. If you use their SIM to download content that goes against some corporate policy, you could be facing other disciplinary actions. They wouldn't control your hardware, but since they are paying for the data that gets to your device, they usually have T&Cs that you acknowledge in some way, to mitigate the company's risk, should you use the data plan for some nefarious purpose.
Agree with @BeatCrazy . You should not use your company's SIM. If anything your personal device should be enrolled in your company's "Bring Your Own Device" (BYOD) program (assuming they have one). For example, we employ Microsoft Intune to enroll devices (it's self-service), push our security certificate for settings & management functionality. We also have users sign a BYOD document outlining what we can and cannot do (e.g. we will wipe the device should the user report it stolen, wipe our data should the user depart the company, etc.).
Yeah I forgot about that piece. Depending on the device management platform the company uses, they can absolutely have power to wipe your device. It's part of the terms of service you'd agree to, in order to use the device to receive company email/VPN, etc.
In summary... the OP should ask his employer.
Reminds me of the old children's ploy: Dad can I...? Ask your mother! ... Mom, Dad said it was Ok!
... but bluespark said I could on MacRumors!
Thanks for the summary. A lot of talk for someone who could have just asked at work.
You should never mix personal and work. Just don't. It's asking for all kinds of trouble. From privacy issues to legal issues just don't do it.
That's what I figured as well, and I thought it possible that even more information might be shared. I'm glad there were a couple of posts in this thread (including yours) that addressed that issue. Some interpreted my curiosity on that issue as somehow trying to excuse non-compliant behavior.
Yeah, there's the question about whether your employer allows such usage and another question about hat data they can gather or at least have access to. Like logging on to our work system, a banner would come up saying that all activity can be monitored. Though retired, I was once a technical manager and would assume that the company has no boundaries and would not give them an opening into my personal world.
I remember an IT guy asking a woman if she was looking to move - he saw in logs that she was perusing real estate sites on her work machine at lunch time. Beyond creepy but he had access to all that data.
Discussion is kind of dead since the OP obtained company permission. With or without permission a VPN will not necessarily protect you from employment termination or even legal proceedings when using employer equipment outside of employment policy.
My (southern California) city provided city employees phones and laptops and policy allowed personal use. It only took one "sexting"/ email sexual harassment law suit with multiple defendants (including the city) and plaintiffs against the city to require all employees allow "voluntary" city legal department access to employee email and texting while using city equipment when requested or face immediate termination for violating HR policy. Employees quickly found out: you can't fight city hall.
Tom
Last edited:
All true but I was just Pointing out that if you’re using private vpn the company can’t see what you’re doing
... and my point is the company can still say: show us what you did or you're fired and you may face legal proceedings.
Ok whatever, just was pointing out a small fact, didn’t want to get into ethical debate
It's not an ethical debate: you can do nothing wrong, be completely ethical, but you still give up personal privacy when you mix personal with business.
My wife works for AT&T. She never uses her COU (company owned unit) at home or for personal use. She has the iPhone 12. From my understanding AT&T does not like the COU's used for/as personal devices. I would also bet IT would find out rather quickly it was being used. I know at one time my wife said they monitor the company devices.
Which brings me back to my original comment, thank GOD for vpnIt's not an ethical debate: you can do nothing wrong, be completely ethical, but you still give up personal privacy when you mix personal with business.
Let's address the "technical" for a bit, since the moral has been well covered.
In all likelihood, the employer doesn't "own" the SIM. The SIM is probably the physical property of the cellular provider. The employer is paying the cellular provider for service, the SIM is the "equipment" provided to the employer for accessing that service. The service plan is what the employer has the right to control.
The cellular provider will know what IMEI is associated with the SIM. The employer might ask for that information if they felt the need to confirm that they were paying for service on company-sanctioned devices (concerns about stolen SIMs). (Company-sanctioned devices would be either company-owned or employee-owned bring-your-own devices that have been registered with the employer.) I wouldn't know whether the cellular provider is allowed to supply that information to the subscriber (employer). The cellular provider might even offer device management as a service to their business customers. All of this may vary from country to country.
The prudent thing for the employer to do from a financial perspective is to cancel service on devices that cannot be identified as legitimate. How many employers actually do this, I have no idea.
As to whether a cellular provider or their customer can determine who is in possession of that "incorrect" IMEI/using that SIM without authorization? That would be very challenging - something likely requiring a police investigation. Chances are, an employer would simply pull the plug to end further theft, rather than try to identify the thief.
Is a business in a position to demand access to the data that travels over the cellular channel they pay for? Not to my knowledge. Well, if the data passes through the employer's VPN they would have the right and ability, but for data traveling over a public communications network, no way.
I don’t have AT&T but on Verizon one does not need to ask them for IMEI information - it’s readily available within the device information summaries when logging in as an account manager on Verizon’s site, so if someone in IT is auditing usage and sees something suspicious they can investigate themselves quite easily I would think.
To me, if OP is going to do it - understand that there are metrics that can be monitored (data usage) and there is a means to confirm if a device is the one that the account owner expects it to be using the SIM.
Objection was not an option? What would they do to someone who objected, throw them in the company prison? I suppose they could threaten to fire someone, but here in the US, I feel like that in itself would pose potential legal issues for the company.
I'll be damned if I ever let anyone, an employer or otherwise, "clean" a personal device of mine because I inadvertently received classified information, through no fault of my own. The only exception would be if they had a search warrant, which, somehow, legally authorized them to do so.
Prison? Not the company's but someone else's. You could deal with the company or the FBI and "other agencies" - our world was pretty clear-cut and something we signed up to (literally).
Nope. If you work for a company that deals with PII and/or HIPAA information and something like that happens you certainly can be fired and even face legal charges.