Risky Business: Personal Mobile Devices at Work
In a recent survey conducted by Harris-Decima for Rogers, almost half of Canadian smartphone owners said they keep their device with them pretty much 24/7. Hmmmm, turns out I’m just another sorrowful statistic!
In all fairness, we live in an era where Smartphones have replaced cameras, calendars, notebooks, alarm clocks, and so on. I can’t think of one person I know that doesn’t own a personal cellphone, tablet and/or laptop.
Because of all they can offer, smartphones and tablet devices are essential to many professions’ daily operations and many businesses now allow employees to bring these personal devices to work or use them to access work information. As a result, new risks have emerged.
A new survey conducted by Kaspersky Lab and B2B International showed that allowing personal devices at the workplace is currently one of the top risks for companies. Nearly 20% of firms have reported that mobile devices have been stolen and 5% lost personal information because of that theft.
The need for proper phone security is no different than the need for a well-protected computer network. A smartphone can grant access to any number of applications, emails and stored passwords. Depending on how your organization uses such devices, unauthorized access to the information on a smartphone or tablet could be just as damaging as a data breach involving a more traditional computer system.
So how does an employer mitigate the risks?
If your company allows employees to use their personal device, it is important to educate employees about the responsibility they bear when accessing company data on their personal devices. Part of this education should include the risks associated with disabling security features, jail breaking their phone, downloading apps from unknown sources, using open wireless connections and other activities that can compromise security.
To prevent someone from accessing a lost or stolen device, the phone or tablet should be locked with a password. The password should be time sensitive, automatically locking the phone out after a short period of inactivity.
Another security measure is to establish a Smartphone Policy defining the rules for what employees should and should not do when they access your network, regardless of whether they use company computers or personally owned devices.
It is important that employees understand the security risk inherent to smartphone use and their role in its mitigation. Well-informed, responsible users act as a valuable layer of security in protecting mobile devices.
Bring Your Own Device (BYOD) systems can be huge money-savers for companies, reducing the amount spent on hardware and software purchases, maintenance and the cost of training employees to use the equipment. Especially for rapidly expanding companies, allowing personally owned devices could save thousands of dollars in upfront IT hardware costs for new employees.
Awareness and a few preventative measures can go a long way. In the end, everything we do has inherent risk – c’est la vie… We can’t reap the benefits if we don’t take any risks; let’s just make sure we are careful about it.