Managing the risks of a mobile security tsunami - why a personal mobile device acceptable use policy for your organization matters.
Personal smartphones, laptops, tablets, e-readers, netbooks, gaming devices – it’s a whole new mobile wild west out there. At first, organizations and their IT teams, understandably fearful of the risks to the integrity of private information and business data, were resistant to giving employees’ personal devices access to the organization’s business network. But increasingly, they’re having a change of heart.
Why? For starters, with employees logging on to answer emails, review contracts and marketing materials or simply catch up on a mountain of work at any time of day or night, offering them the freedom to use the same devices at work, on the road and at home means increased accessibility and productivity with a device each of those employees is already familiar with.
Equally important, mobile device management has improved by leaps and bounds to the point where now a single interface can be used to manage devices whether they’re on a BlackBerry platform, Apple iOS or Google Android. That’s gone a long way to mitigating resistance from IT departments fearful of security tsunamis.
Still, there are big risks with allowing personal mobile devices within organizations as well as responsibilities each employee must be made aware of and take on. Closing that loop starts with a flexible but firm personal mobile device acceptable use policy, which each employee must agree to before being allowed to use a mobile device on the corporate network. An acceptable use policy includes:
- Access policies: For instance, mobile devices must be approved by IT before they’re connected to the corporate network and they must be modified or set up to conform with the organization’s security standards.
- Security policies: Devices must be encrypted with a strong password, be reasonably physically secured and the computers they connect to must have up-to-date anti-virus software. Employees must also not bypass security measures, leave company data on their devices unnecessarily or use location-based services. Perhaps most importantly, employees have a responsibility to report a lost or stolen device as soon as possible so that any sensitive data can be remotely wiped.
- Protocol policies: For instance, employees are made aware that their activity is monitored while on the corporate network and that they will or won’t be reimbursed for a variety of hardware and software costs related to their devices.
- Support policies: In exchange for allowing personal devices to be used appropriately, responsibly and ethically, organizations provide limited support for issues related to corporate email, calendar and collaboration tools.
Adopting unified mobile device management capabilities along with creating and instituting a robust and effective personal mobile device acceptable use policy are two key ways to help organizations manage the rapidly evolving new reality of business and personal mobile devices.
Why create all these policies from scratch? Leverage best-of-breed policies that are tried and tested by Info-Tech Research by downloading this presentation. You can put in your organization’s name and use the presentation to train your employees on the policies you create.