You can’t fight them, but before you join them you have to set some ground rules.
iPods, iPads and Android based phones are becoming a staple of office life. But for small businesses these devices bring extra concerns about protecting their computer networks and securing their data. Banning employees from bringing their own devices isn’t an option if you want to retain and keep employees, but implementing clear polices is.
“People have their life on their hip and they want to bring it to work,” says LogRhythm Chief Technology Officer Chris Petersen. “It’s the reality that businesses have to live with today.”
To protect the network from getting infiltrated with malware or from sensitive data falling into the wrongs hands, Petersen says an effective thing to do is to have a separate network designed solely for mobile devices. When employees come to work they can synch their mobile devices with that network similar to how they would do it at home. “It keeps the mobile devices separate from the data the business cares about,” says Petersen.
It’s ok to let employees bring their own devices to work but it’s not ok for the business owner not to know who is using what device in the office. That’s why computer security experts say it’s critical for whoever handles IT to approve any mobile device being used at work. “IT has to review and authorize every device allowed on the network,” says Petersen. What’s more, he says employees have to know what they can and can’t do with the approved devices.
According to Troy Gill, security analyst at AppRiver the small business owner needs to create, maintain and enforce a strict mobile policy. Everything should be spelt out including how soon IT should be notified if a device is lost or stolen and whether or nor the device needs to be protected with a passcode and how strong the passcode has to be. It also means how employees can use the devices with public WiFi hotspots. “Use extreme caution when using devices on open public Wi-Fi. Nearly all smartphones are now equipped with Wi-Fi functionality making them highly vulnerable to attack,” says Gill. “Avoid accessing any sites that require you to use your personal or company passwords, and avoid sharing sensitive information while connected to these public networks.”
Since downloading apps has become a popular pastime for smartphone users, business owners have to be diligent in setting rules when it comes to the apps that employees can download on devices that are used for business. According to Gill employees should avoid downloading apps from unknown sources and should shop in official marketplaces like Apple’s App Store. Same goes for websites and opening emails from unfamiliar senders. Employees have to treat their smartphones with the same caution they do their PCs, say security experts.
One of the biggest risks to small business owners that let employees use their own mobile devices is if that device will get lost or stolen with sensitive business data or customer information on it. In addition to enforcing a strong passcode rule, small businesses need to make sure the devices have encryption installed. What’s more IT needs to be able to remotely wipe and erase the mobile device if it does get lost. “One of the big risk is an employee leaves an iPad and someone has access to all the email and corporate address book,” says Petersen. “Small businesses should require employees to sign a policy on how they will secure the device and that they agree to notify IT within one hour if the device is stolen or lost.”