When you run a small business, allowing your employees to use their smart phones and other mobile devices for work often just happens without any real concern or discussion. Unfortunately, this can backfire. All the attention and investment you’ve made in protecting your business data from security breaches can be inadvertently blown when an employee’s phone is stolen or hijacked.
Today work and leisure time overlap and our smart phones often do double duty. This means employees’ personal devices represent a security risk – a gateway to company data. To underscore the relevance of this issue, Apple recently revised its mobile operating system, iOS 7, and added new security features aimed at making the iPhone less vulnerable to unauthorized access. Unfortunately, its new Control Center, which can be accessed without unlocking the iPhone, not only gives the owner handy access to frequently used apps such as the clock, flashlight, music and camera, but has also proven to be a way for snoopers, scammers or thieves to get unauthorized access to contacts, photos and social networks. Further security flaws have been discovered in the Siri app (the iPhone’s voice-command personal assistant). Until these problems are resolved, the best way to counter these security breaches is to switch off the settings for the Control Center and Siri.
How can you protect your business data from possible security incursions made through personal technology? If you don’t have an information technology expert on site, many cyber security companies can provide the expert advice you need.
- First, develop a Bring Your Own Device Risk Management Plan. Let everyone who might use their own phone or tablet for work purposes know that you want to protect their device in order to protect your company’s secure data. Explain why including their personal technology in the company’s security effort is vital. Don’t skip the explanations. Remember that you are going to be asking employees to put software on their devices to safeguard your company’s data, and you don’t want to alienate people who feel their privacy could be threatened.
- Perhaps the most important first step is to find the means to wipe the company’s data from an employee’s phone or tablet if it is stolen. Again, whatever software or apps you use must be able to distinguish corporate data from personal information.
- Many companies use encryption in their office technology to safeguard the way data enters and leaves the program. It is a logical step to extend this oversight to mobile applications. Likewise, experts familiar with security issues involving smart phones suggest that companies consider deploying programs to limit the flow of data between applications on a mobile device. This is because there is no way for a corporation to screen the thousands of apps available to smart phones. A company may have strict rules restricting downloads to company-approved software, but employees using their own phones will download whatever they want. Companies have no way to monitor this.
Finally, all the best plans in the world won’t help if compliance is an issue. It is important that employees understand why your firm’s data security efforts must include their personal technology – and that they buy into the plan.