In this 2011 post from Computer Weekly, security expert, speaker and evangelist Peter Wood explored how corporate data can find its way onto smartphones and other mobile devices.
Although the article may seem dated (it was published in June 2011), the advice is more relevant than ever today with pervasive cloud applications from Google, Microsoft, and others.
These applications are good—they liberate the user from specific devices, and by facilitating ‘’Bring Your Own Device’’ working can reduce the organization’s cost base, but as with every good thing, there can be a downside.
The author’s concluding advice is:
“A company’s acceptable use policy must be updated to embrace smartphones and tablets as well as to illustrate that everyone benefits from making consumer devices secure. Employees should understand their personal data, such as bank details, logins, and private emails need to be secure, just as much as the business information on their mobile devices.
A policy should also clarify who owns the data on the consumer devices and what users’ responsibilities are. The policy should require users to:
- Register their personal devices before using them for company business.
- Notify the company if their devices are lost or stolen.
- Protect their devices with a secure password.
- Only access the company network using an approved method, such as a VPN.
- Install (and keep updated) security software, such as antimalware and remote-wipe applications.”
All of which adds up to a reasonable balance between convenience and data security. In fact, never ignore the importance of the recommended ‘win-win’ approach where better security behaviors on mobile devices are ultimate to the benefit of the individual as well as the employer, should a device be lost or stolen.