Modern Challenge To Information Security
Statistics show that a large percentage of security breaches by malicious insiders or compromises resulted from attackers leveraging exploits on mobile devices to launch attacks on more sensitive internal resources. Thus, protecting cell phone usage for companies has to be a priority. Additionally, relying on everyone to secure their smart phones is bad practice. For example, no one expects you to implement every new security technology as soon as it hits the market. Unfortunately, many people ignore updates that come standard on all the modern devices that patch a common security threat. These are the people that open the organization up to liability.
Potential Actions To Be Taken: Company Cell Phones
Companies can distribute cell phones to their employees. Most Americans have smartphones and are constantly on them. However, if you depend on your employees to respond to emails from wherever they are, supplying them with phones might be the best option. Employees can’t be expected to dish out money for expensive phones or tablets or those associated data plan.
- Much More Secure:
As stated above, cell phones are prime targets for everyday attacks. As well, cellphones are easily misplaced or lost. Do companies really want to take a chance and let their employees lose unsecured personal devices that can have information very pertinent to their businesses? Keep in mind that employees are more likely to use weak passwords, or no passwords at all when using their own devices and apps.
- Legal Liability:
By managing company-owned devices, companies can control which applications their employees use and how. They can also retain the option to wipe company devices clean, even remotely. They can also revoke access to company accounts at any time. Furthermore, if an employee accidentally sends private client data to a personal contact, then that business is liable and is on the hook.
Alternate Action: Develop BYOD Program
An alternative is to develop a Bring Your Own Device (BYOD) Program. Based on the current cell phone market, most employees already own a smartphone or will be getting one sometime in the near future. Therefore, why not let them select the cell phones they want and then implement security measures on them? Possible pros for doing so:
- Save on Cost:
Most companies believe that buying the hardware (actual cell phone) is the only significant cost when implementing company wide cell phones. They underestimate budgeting for data plans, as well as apps that are pertinent to company data. As well, companies have to ensure that each cell phone has the correct security protocols, which is an additional cost to implement and monitor. As stated in the article, providing a web-connected cell phone or tablet can cost more than $1000 per employee. Thus, companies that implement a BYOD can save a ton of money on hardware and data plan costs and focus directly on apps and mobile security. Companies can also utilize security awareness programs that can teach their employees to be smarter with their cell phones.
- Happy Employees:
Although people like free phones, employees would prefer to choose the phones they will use for the majority of the day. Working from a favorite device, or one that is picked out personally is much easier. For instance, since the end of high school, I have been using a Mac for all of my schoolwork. However, since I have joined the workforce, the two companies I have worked for provided me with a PC that they required me to use. This caused my productivity to slow down at the beginning, as I had to get reaccustomed to the technology given to me. Although this situation is not mobile-device related, it highlights similar difficulties with handing out new mobile devices to employees.
Conclusion
Ultimately, the choice to either implement a BYOD program or fund company wide cell phones is determined by the overall needs of the business. Not every employee is required to stay connected to work through a smartphone or tablet, but if and when they do, these are very good intentions for companies to buy and maintain their own devices. On the other hand, if a company is small or if employees rarely use sensitive company data, the flexibility and cost-savings of a BYOD policy might be a very wise decision.