Today, the world of mobile devices includes smartphones and tablets. This post doesn’t favor any specific brands, but let’s agree that the industry leaders are iOS and Android devices. The jury is still out as to whether or not BlackBerry will become a contender.
Another fact that we must agree on is that most users of smartphones and tablets use Apps. Some of the most common Apps feature news, weather, banking, photo editing, social networking, navigation, entertainment, music, and games. These Apps may be common for individual users, but thanks to Bring-Your-Own-Device (BYOD) to the office, now employees are using their personal devices for work-related projects. This means that your confidential corporate data may now be stored on employee devices – whether you want it to be or not. This is extremely important to the midmarket segment because midmarket businesses tend to allow their employees to leave company email and attachments on their smartphones and tablets.
So with BYOD as part of the equation, does your business have a BYOD policy? How about a security policy? And does your business sponsor regular security training sessions?
While BYOD may sound like a good idea, there are a couple of issues you need to address and make clear in a policy from the start. First, state that your company is not responsible for maintenance or repair of the employees’ devices, should anything happen to them. Otherwise, you will find your IT staff servicing different platforms of devices on company time. Second, do not allow installation of company email services on any employee-owned device. Doing so creates another attack vector for malware. The reason is simple: If an employee’s personal email gets attacked, your company network may then get attacked. A better option is to use a browser-based email portal instead.
Do you instruct your employees on App security issues? For example, if they download a free App, are they aware that the annoying ads might contain links to malware? The malware could interfere with your corporate data, and worse, infect your corporate data. If employees frequently use free Apps, their confidential data stored on the device (name, phone number, email address, contacts, photos, etc.) could easily be shared with the advertiser – and what if the developer sells the data? What if some of the contacts stored on the employee devices are your customers?
Now that you see the reasons to create a BYOD policy and a mobile device policy, ask your employees these questions. How secure is your mobile device? Do you have a backup App on the device? Is your data encrypted? At the very least, do you have a password or passcode to turn it on? Do you have passwords or passcodes on frequently-used Apps? Do you have wipe software installed in case of theft? Is there a policy in place so that when an employee leaves, he/she does not take corporate emails and documents with them? This is especially important if an employee is fired.
There is no dispute that the future belongs to mobile devices and mobile-accessible websites. However, businesses that don’t educate their employees about mobile security may encounter serious data breaches. Don’t you want to be prepared?
Check out this Infographic: Why You Should Care about Mobile Security:
Check out this Infographic: Smartphone and Mobile App Usage: http://www.xcubelabs.com/smartphone-mobile-app-usage.php
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. I’ve been compensated to contribute to this program, but the opinions expressed in this post are my own and don’t necessarily represent IBM’s positions, strategies or opinions.