>Hi all,
>
>Had a customer call and ask this probably impossible question (not VFP related):
>
>"I have found out that one of our IT staff has a private group on Instagram where they have a large following - am I at risk if they are using their iPhone to update this app?" i.e. could their cell phone get infected and then somehow that get back into our network.
>
>I said that being an iPhone, it is probably more secure i.e. less data moving between apps but in reality, there is no way I could say with certainty that it could never happen. Talking to their other IT guy in a "general sense" (this conversation between one of the owners and myself was confidential - they don't want the other IT staff to know about it so they were calling me as an outside person), I asked what measures they had in place for security on their phones - he said "there has never been an iPhone infected with a virus". I have my doubts that this is true but hey, what do I know!

A few general points:

- Here's a fairly decent article about iOS and malware: https://www.digitaltrends.com/mobile/can-iphones-get-viruses/

- What you're talking about is generally called "BYOD" (Bring Your Own Device). You can Google [byod issues] to get an idea of some of the potential problems. Some further questions would be:
- Who owns the iPhone - individual or company?
- Is the individual accessing Instagram on company time, or their own time?
- What are the existing company policies around personal devices at the workplace?
- Is the IT person using the iPhone to access or manage the company environment using a privileged account i.e. a sysadmin?
- Even if the answer to the above is no, chances are they are on the company's WiFi so they can browse Instagram without using up their over-the-air data plan. If so, is the WiFi they're connecting to a guest-only network (i.e. cannot see peers on the same subnet, enforced by the router/AP) or can they see peers?

I'd also be careful about what's really going on here. It may be that management at the company has found the IT person to be spending a lot of company time on Instagram and is looking for a pretext to dismiss them. If so, do you want to be drawn into a dispute like that? If it were me I'd ask flat out what is the underlying motive.