In the days before smartphones – and it wasn’t all that long ago – employees who needed to access corporate email via a mobile device did so with a company-issued device such as a BlackBerry. This came at considerable expense to the company issuing the device, and therefore mobile access was something that only very few employees had. There wasn’t a larger outcry for corporate email accessibility via mobile because the limited functionality of these devices wasn’t attractive to the average user. And because there were relatively few devices in use, corporate IT departments were able to keep tight control over them, including the ability to remotely locate and wipe a device that had been lost or stolen.
The introduction of the smartphone to the general public, however, has completely changed corporate communications. The influx of iPhone and Android phones in the marketplace has blurred the line between employees’ personal and corporate lives, making it possible for users to browse the web, download apps, keep up with social media, and check personal email accounts, as well as make and receive business calls on the go. There is also an expectation among smartphone users that company email will be accessible through their personal devices, and employees bring their personal devices into the workplace in order to conduct business. This is most commonly known as “bring your own device,” or BYOD.
Where once the company-issued mobile device utilized company-approved and managed software, today’s BYOD environment is home to a plethora of differing devices and downloaded apps, all outside the control of the corporate IT department. Each device brought into a BYOD environment has its own specific concerns, ranging from software compatibility to the security of corporate and customer information. Without the tight controls of IT security to assure the safety of information, malware and unauthorized access become very real and persistent threats.
How, then, to best protect company information in a BYOD environment? Regardless of the device brought into the workplace, many companies require employees to follow a specific set of guidelines in order to use their device as part of their work life. At their most basic, these guidelines include: use of a password or PIN to gain access to the device, use of locating software that gives the ability to remotely wipe a lost device, and a requirement that users install software updates as released by the device’s manufacturer. A solid security plan for BYOD, however, goes beyond these requirements. The Federal Communications Commission, which regulates all forms of communications transmission in the US, has developed a basic set of guidelines for smartphone security, which goes into greater detail regarding the types of actions that need to be taken for security. Mobile operating system-specific guidelines can be found with the FCC’s Smartphone Security Checker.
Regardless of whether your company employs one BYOD user or more than a dozen, examination of these guidelines and development of company-specific rules regarding BYOD will help to assure the security of your sensitive company information.
For more information:
- FCC Basic Guidelines for Smartphone Security: http://www.fcc.gov/sites/default/files/smartphone_master_document.pdf
- Smartphone Security Checker: http://www.fcc.gov/smartphone-security
{photo used under Creative Commons from mikecogh – flickr}