Have you ever signed up for a local community group on social media—maybe your local town’s Facebook group or WhatsApp chat? If you have, you’ll have seen that certain topics come up a lot. After lost dogs, injured cats and missed bin collections, it’s usually lost smartphones.
A lost smartphone is distressing for the owner of the phone. It can also be a big problem for their employer, if that person was using their personal phone for work. Not only might this loss limit their ability to do some aspects of their job, but also:
- Any company data stored on that phone may be lost, and no longer available to the company. Is it backed up?
- And that information may now be out there in the wild. Depending on the employee’s role, that could be information about the company, their customers or their suppliers.
Protecting information with a BYOD policy
If your company is allowing employees to use their own personal devices for work (known as BYOD – bring your own device), you should think about how to protect your company information.
There’s a lot to consider. What security requirements will you put in place, and how will you ensure they are followed? Examples include:
- Access controls:
- the use and strength of passwords (and where they are stored)
- the length of time before the phone auto-locks
- multi-factor authentication for company applications
- revoking access to company systems if necessary
- and so on…
- Managing the device:
- updating software regularly
- restricting which apps can be downloaded
- requiring the use of secure connections
- and more…
- Managing the data:
- encryption of the data
- limiting data loss
- backing up the device data
- deleting it if the owner of the phone leaves the company
- and more…
You’ll probably have to adjust other company policies, such as acceptable use and information security policies, too. And employees will need to read, understand and agree to these new policies. You’ll need to balance the employees right to privacy (and protecting their own data) with the company’s needs.
Technical solutions
There are software solutions you can use to help with these issues.
Mobile device management (MDM) applications enable an administrator to set up and administer security controls for the devices remotely. You could also consider segregation of company and personal data, either:
- on the device. This involves storing company data in an area controlled by the company, separate from the personal data (Mobile Application Management, or MAM)
- or by storing all company data centrally, and providing employees with access to it via a virtual desktop (known as VDI).
However, these technical solutions to BYOD issues typically come with cost. If you are a very small business, strong policies and security awareness training may be a more cost-effective option for now.
So the solution that would work best for you will depend on things such as your business size, what your employees need to use their mobile devices for, where they are working, and so on.
Looking for help with this or any other cyber security issue you are facing in your business? Contact us on 0113 733 6230, or use our contact form.
