Originally Posted by
Brown Noise Get a phone that complies with what they want. They should have an approved make and model list if this is Their Policy, so insist on one and ask for that list in writing from the IT department (use the excuse "so you can take it to the shop and pick one off the list"), then buy a phone off that list (if there is a most recommended - I'd ask for one to be on the list - get that one). Keep the supplied list very safe (with copies) so you can neatly sidestep any future blame games (incompetents always try to scapegoat and shift blame). eta: Only have approved apps on that phone, and ask for a list of approved apps. If supplied with non-approved apps, uninstall them (any unapproved that can't be uninstalled, notify the IT Department in writing, and ask for a workaround).
Playing fast and loose games with customer, product, and employee security is going to cost 'corporate' bigger than massively, sooner rather than later. Liabilities and vulnerabilities are stacking up extremely high (greatly assisted by *way too many* IT departments that are too keen to kiss corporate a$$ and not lay the law down to protect the interests of shareholders, product, and clients), and there will be a huge amount of damage done 'somewhere' that will have them all panicking even if they haven't been affected by a hugely expensive security breach *yet*. It's not a question of if, it's always when.
So bite your tongue and let them all fall into the traps they are creating for themselves (they are refusing to consider the blatantly obvious, are ignoring their very real responsibilities and duties, with too many proving to be completely deaf to reason, and it isn't your job to get them up to speed on essentials they should already be up to speed on). You have been made aware of something extremely valuable about your employer's vulnerabilities, so pay close attention to what is a clear warning.
In the meantime, look for work elsewhere, with an employer that is not so intent on committing suicide for themselves, their shareholders, their employees, and their customers.
Nobody likes to be 'laid off' out of the blue, and "But nobody could have seen it coming!" doesn't wash when the chips are down and the liquidator has just walked through the front door.