BYOD- Bring Your Own Device-causes security concerns
The explosion in the use of IPhones, Blackberries and Android smart phones over the past few years will come as no surprise to anyone who has ever ridden a commuter train or visited a Starbucks store. As the use of these devices in businesses have become more prevalent, they have become more and more integrated into the Information Technology strategies of many businesses around the world.
But the high level of portability and increasingly greater storage capacity of these devices makes them increasingly vulnerable to loss and theft and, as a result, puts the information they contain at greater risk of loss or, worse, of falling into the wrong hands. Hundreds of thousands of wireless devices are lost in taxis, airports, hotels and locker rooms every year and most are never recovered.
If your wireless devices are integrated with your mobile CRM, corporate address book or other business applications, your company needs to be thinking about how to secure the devices and protect the data, even if the actual devices belong to your employees.
In an environment where the company issues devices to its employees, devices can be standardized, applications that can locate and disable lost devices can be installed and data can be encrypted. However, more and more organizations are allowing their employees to carry their own devices and attempting to integrate them into the organization’s applications. In a recent Information Week report, only 14% of the 322 business technology professionals responding to a survey reported that they have no plans to allow personal devices.
This trend towards BYOD (bring your own device) should come as no surprise to I.T. and telecommunications managers. Not only do many organizations believe that having their employees carry their own devices will save them money, but many younger employees have been carrying cell phones and other wireless devices since they were in Middle School and would prefer not to carry a second device for their jobs.
Policy and Safeguard Key Considerations
However, if your organization has important data residing on or accessible via wireless devices, it is becoming ever more important to have policies and safeguards in place to secure the data. Here are a few key considerations:
- If the phone number of the device the employee is carrying is published on your web site or other directories, you need to own the device to protect the number (and potentially your customers) from migrating to the competition if the employee leaves the company.
- Your policy should require the employees to password protect their devices and report any loss immediately.
- Employee-owned mobile devices should be equipped with applications that can locate lost devices and disable them or erase any sensitive data.
- Adherence to the wireless policies your company adopts need to be enforced and referred to in employee handbooks and made part of periodic performance evaluations.
Finally, one thing we can all be sure of is that the pace of technology advancement will outpace the development of policies, but they need to be revisited at least once a year and modified as needed. There are plenty of model policies available and a less-than-perfect policy that is enforces and updates is far better than a world-class policy that is ignored by both employees and management.
Frank Smith is Principal Consultant at Abilita in South Bend, Indiana. You can reach him by email. Abilita is a leading independent telecommunications consulting organization that helps its clients manage telecom technology and costs, and has over 25,000 wireless devices under management. Check out Abilta's video.