Viewing 12 posts - 41 through 52 (of 52 total)
  • Company Endpoint Manager on personal device – am I being paranoid?
  • molgrips
    Free Member

    Nothing is held on your device other than probably a token system which allows you access.

    Are pages from your corporate intranet or document repository being cached on your phone? Are emails not made available offline? Can the user save attachments from emails? What if the user uses the camera to take a snap of a whiteboard after a meeting, or a document? Phones do more than just emails.

    On my phone I cannot actually send data from the personal side to the work side. If I take a photo with the normal phone camera app I cannot then send it to someone on Slack. But I can open Slack then use the camera from within it. There are two separate galleries. Of course, I could still take photos of whiteboards on the personal side, there’s no way of stopping that unless you mandate a separate phone and you go so far as to make people lock up their personal phones or indeed all phones on site (this does happen in some places).

    I’ve gone from carrying two phones to one. When I’m on holiday I turn off the work partition.

    Yeah, same as mine – it’s fantastic. Just found out you can turn the work profile on and off on a schedule, too.

    jimdubleyou
    Full Member

    And I do travel as a part of my job, just takes a bit of discipline (and forwarding travel emails to my Hotmail).

    Forwarding work mails to personal email is a sackable offence in our place – but it’s a regulated industry so we’re under a lot of scrutiny.

    Fwiw, we do have a BYOD option, if I recall correctly, everything is in its own container on the phone but I have a work phone as I want to be able to turn it off when I’m off.

    alan1977
    Free Member

    We have alerts set up for auto forwarding of mass email (outside the business).
    If I saw that come up I’d instantly lock the user account down and investigate.

    Flaperon
    Full Member

    I could refuse to access emails on my personal phone but it’s convenient for travel.

    It’s not inconvenient for you, it’s inconvenient for them. Putting privileged information on a personal device means that if anything dodgy happens to the data you are equally liable for the problem. I wouldn’t dream of doing it on my phone. If I really need to access company email, I can do it from Outlook.com in the browser.

    If it’s on their device, provided you’ve not been spectacularly negligent and handed out your password or given someone else biometric access, you’re safe.

    TiRed
    Full Member

    Mail app and one on the Outlook app. I did exactly this with Google

    And so do I. Work run Outlook and on the phone. On my personal laptop I don’t have this issue and can run both email accounts on Outlook. On the work laptop there is no means of personal email including web browsers.

    I only want one phone.

    steveb
    Full Member

    What’s the thoughts on the MS authenticator app on your personal phone? (For use logging onto work accounts).

    Flaperon
    Full Member

    I think that’s perfectly reasonable (and happily run it on my own phone).

    squirrelking
    Free Member

    Forwarding work mails to personal email is a sackable offence in our place – but it’s a regulated industry so we’re under a lot of scrutiny.

    So do I, do you not use document classification? Most of the crap I get in is Not Protectively Marked, occasionally a Protect: Personal Information and on very rare occasions I get a Protect: Proprietary. I don’t think I’ve ever received or even seen a Sensitive Information or higher but we all know (in theory) the classification system and what we can do with each doc type.

    intheborders
    Free Member

    Forwarding work mails to personal email is a sackable offence in our place – but it’s a regulated industry so we’re under a lot of scrutiny.

    I work in regulated industry too, but we haven’t a blanket ban (for obvious reasons) – still not installing any form of MDM on my own phone.

    root-n-5th
    Free Member

    Is the company trying to get a certification such as Cyber Essentials? Personal devices are now in scope if they touch personal data. Just having a decent AUP signed by users is not enough, and technical controls need to be in place to ensure compliance. The main reason for this is the old CIA triangle –
    Confidentiality, integrity and availability of data belonging to the company. The controls state that all devices must be fully patched, only have authorised apps, not be jailbroken, have 6 digit PIN codes and be supported models. Unpatched systems, including phones, are in the top 3 attack vectors for malicious access to data (social engineering and weak passwords the others). It’s a massive problem. If a hacker compromises a phone with access to company data that is an easy way in to the inner sanctum and you better hope the company has good security and detection methods inside. Ransomware, exfiltration and publishing of confidential data, manipulating data are all possible. CIA goes to pot, GDPR police get involved and it’s not good. The cost of recovery can be huge.
    The problem with Cyber Essentials is that it is a tick box exercise and many companies tick the boxes but don’t apply the controls. It drives me mad and I tell customers that is not the point – it is meant to make you more secure and try to stop data breaches. Often it falls on deaf ears.
    Separating personal devices from company data is a problem that isn’t going away and sometimes it’s a case of being draconian. The company says you aren’t coming in unless we have controls. You can say no as personal data can be compromised, so you don’t come in. As mentioned, they should provide devices for this access. Many places just ban personal devices now.
    I’m ranting a bit, but user awareness training is also massively important. Educate your staff in why these controls are in place and get them on side. All the tech controls in the world don’t protect against an effective phishing attack.
    Sorry, you can go back to your daily lives now. But watch out, and update that phone!

    trail_rat
    Free Member

    Have you read your company policy?

    Ours states that personal devices must be surrendered for inspection upon leaving the company IF you use it for company business…..

    Therefore – it’s a hard no for me beyond my immediate team phoning me or whatsapping to let me know to check my other phone when there are issues during my downtime.

    Likewise I don’t use my works phone for personal business – I know a lot of people do.

    molgrips
    Free Member

    everything is in its own container on the phone but I have a work phone as I want to be able to turn it off when I’m off.

    With the segregated phone you can turn off the work half, it has the same effect.
