Local companies are not taking the necessary steps to protect themselves from the growing threats posed by mobile devices. In fact, most business leaders are unaware of the magnitude of the risks posed by these innocuous-looking gadgets.
Whether it is a memory stick, Smartphone, MP3 player or even a company-authorised laptop, it is simple for even technically ignorant employees to copy data onto these devices with the intent to sell or give it to competitors, manipulate it to their advantage or even trade information such as credit card numbers to criminal syndicates.
“With more companies taking advantage of mobile technology to empower employees, the risks posed by these devices makes it a corporate governance issue,” explains Amir Lubashevsky, director of Magix Integration. “Unfortunately, mobile technology is a very useful part of modern business and companies can not simply ban all gadgets.
“Developing a mobile device policy framework as part of the corporate security policy is the only way to effectively mitigate these risks.”
The first step in the formulation of this framework is for the organisation to be aware of what mobile devices are being used by which employees and why. The policy must then stipulate which members of staff can use particular devices and what information they can access.
Of crucial importance in controlling the use of mobile devices is the ability of the business to determine the correct level of security to institute.
“You can’t be so secure that you actually inhibit employees’ ability to do their jobs and you can’t be so open as to encourage data thieves to do theirs,” Lubashevsky says. “Allowing those people who need to be mobile the freedom to operate unhindered while implementing non-invasive monitoring to make sure no rules are broken is essential.”
The mobility risk is not always a result of malicious intent, however. Being inadvertently infected by malware, which can be transferred to the corporate network when next the device is used for legitimate work purposes, is also a threat in our always-connected world.
Additionally, to deal with the accidental or intentional loss of mobile devices and the risk of exposing data under those circumstances, policy must stipulate that information stored on one of these gadgets is always encrypted. This will not affect the user’s experience in any way, but will ensure that information will be useless to unauthorised owners.
There is an almost endless procession of mobile devices hitting the market today. To meet corporate governance and upcoming legal requirements concerning the protection of sensitive data, a comprehensive security policy backed up by the appropriate precautions and transparent monitoring is the only way to ensure these devices are not used to compromise confidential information or executives’ freedom.