Policing personal calls on business mobiles

Responsible employer or miserly git?

  • alert
  • submit to reddit

SANS - Survey on application security programs

Workshop Communications technology makes it easy to mix up personal and business calls. If you want to keep track of what you pay for, and minimise your mobile bills, then you should be able to monitor personal use at some level - either independently, or with the help of your service provider.

Giving employees a mobile phone or handheld email device tends to extend the time they are paying attention to work. Even if the employer doesn’t encourage employees being disturbed when off duty, it’s inevitable. Many of us have a personal discipline problem too: we can’t stop "checking in", or keeping an eye on the inbox, when we really shouldn’t be thinking about work at all.

It might be fairest to permit workers to use their mobile for personal calls and activities; but businesses worry about the general cost of mobile, aggravated by roaming charges and the increasing use of data services.

Many of us blame mobile operators, rather than employees, for high costs. We discussed this in our recent article Happy with you mobile provider?. You highlighted problems of complex pricing, lack of commercial flexibility and lack of proactivity when it comes to notifying us of tariff changes.

Add a perceived lack of help from operators over bill analysis and cost management, and money spent on personal use becomes part of the problem of working with your operator. Most of the comments that came back from our article on The challenges of mobile billing debated whether we should worry about personal calls from mobiles and, if so, what we should do about it.

Point one - it is almost impossible to stop people using business mobiles to make personal calls.

There wouldn’t be a problem. But you can’t tell an Englishman to not use his phone for personal use, and expect them to not use their phone for personal use. I don’t think that they are capable of simple instruction.

You could make personal use a disciplinary offence, but when is a personal call a business call? Example: you call home to let the family know you are working late, and you spend time on the call discussing something personal that you would have dealt with face-to-face if you had been home on time.

An itemised bill doesn't solve the problem of finding out what’s legitimate and what’s not:

Unfortunately being able to separate business from personal calls via a bill is nigh-on impossible and pretty unenforceable, certainly within my company.

With a 24/7 workforce who have to deal with many external suppliers, subcontractors and other 3rd parties, being able to reconcile this correlation of personal vs private usage based simply on a phone number is simply impossible. And asking staff to identify which is which themselves is OK, but needs to be incentivised to encourage its use, and I've yet to see any mobile supplier offer anything to support this.

Some of you question whether trying to work through itemised bills is worth it, particularly as there is no longer a regulatory driver in countries like the UK:

The use of a mobile phone for personal use (as long as only one mobile phone is issued) is no longer a taxable benefit, so it's pointless.

This same reader described a pragmatic approach to make users aware that the company was at least keeping an eye out for abuse:

If you use a manual process to look at 10 per cent of the highest bills every month, this will send out a message that people need to be sensible.

Many of you want it to be both possible and worthwhile to analyse bills properly, so at least you know which users are making a lot of personal calls. Some use DIY development approach to creating analysis tools, some buy apps specifically designed for the job, and some use network-centric approaches in which the operator helps:

Get the data into a CSV file, or (better) an SQL database, and you can use half a page of Perl code to do the analysis for you.

Definitely not impossible [to analyse bills effectively]. I work for a company that provides this service. Our software accessible via a web portal, uses suppliers CSV call data to produce itemised billing. Users can log on and tag their calls as personal or business. The calls can default to personal or business depending on customer preference, time of day or any other criteria.

The system also includes a method to allow mangers to approve personal calls and a method for administrators to manage the payment for these personal calls. This process has saved some of our customers tens of thousands of pounds a year. It is possible and it is worthwhile.

One organisation I know has an arrangement where you dial a prefix for personal calls, which are then charged to you. Anyone found making personal calls without using the prefix had better start sprucing up their CV. The handsets I've seen staff using are not smartphones, so I assume it's done on the network end by the telco.

There are a lot of products and services to allow you to analyse the bills you receive from mobile operators, and a web search will show options for companies of all sizes.

Contrary to some of your feedback, most operators are aware of the problem and have some facilities in place that can help – though, true to form, you will need to pay for them.

Ultimately it might not be worth actively policing personal calls - it depends upon your culture, and the nature of your workforce. The impact on morale is obviously important, summed up by our last reader comment:

How about companies stop being miserly gits and actually focus on improving the lives of their employees such as not pestering them about making a couple of calls.

If you think you work for one of these miserly gits, tell us what the effect is. Or if you think you have solved the problem, let us know how you did it.

We especially want to know more about the potential for abuse of mobile data services. Are your users streaming movies or playing games on the company smartphones and cellular-enabled laptops? If so, what do you do about it?

Top three mobile application threats

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T dangles gigabit broadband plans over 100 US cities
So soon after a mulled Google Fiber expansion, fancy that
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
Turnbull gave NBN Co NO RULES to plan blackspot upgrades
NBN Co faces huge future Telstra bills and reduces fibre footprint
NBN Co plans fibre-to-the-basement blitz to beat cherry-pickers
Heading off at the pass operation given same priority as blackspot fixing
NBN Co in 'broadband kit we tested worked' STUNNER
Announcement of VDSL trial is not proof of concept for fibre-to-the-node
prev story


Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.