BYOD: Mobile Security Tips for Small Businesses

Sunday, September 16, 2012

Robert Siciliano


Many employees have come to expect that they should be able to use personal smartphones and other mobile devices at the office. This creates problems for IT managers.

A company’s IT staff may have a solid grasp on company-issued laptops, desktops, and even mobile phones, but it is almost impossible to control the results when employees begin connecting various types of personal devices to the company’s network.

When you get that brand new Droid, load it up with apps, and then plug it into your work PC in order to update or sync necessary files, your company’s IT guy has to worry about whether that last app you downloaded might infect the entire network.

A study by ESET/Harris Interactive found that fewer than 10% of people who use personal tablets for work have enabled auto-locking with password protection. Only one in four secure the personal smartphones they use for work, and only one in three adequately protect their laptops.

With well over 50% of employees’ personal devices left unsecured, lost phones, laptops, and tablets constitute a significant data breach risk.

Corporations that do allow employees to use personal devices at work have responded to this problem by implementing a BYOD (“bring your own device”) policy to help IT staff manage these devices and ensure network security.

So, what’s the difference between personal and employer-issued mobiles in the workplace? The short answer to this question is: there is no difference.

A smartphone provided by your employer requires a “company mobile liability policy.” This means they not only provide and pay for your mobile device, they also dictate what you can and can’t do on the device.

In many situations, the employer may have remote capabilities to monitor activity and, in the event of loss or employee termination, wipe the data.

“Employee mobile liability policies” are for employees who prefer to BYOD. While these employees may pay for their own devices and their monthly data plans, the same restrictions can (and should) be imposed on employees who use personal devices at work.

If you choose to use your personal device for work purposes, at any time, for any reason, your employer will more than likely want control over that device. This means that, again, your employer may have remote capabilities to monitor activity and wipe your device’s data if it is lost or you resign or are fired.

In both situations, the employer will be liable for leaked data. So if you choose to BYOD, be prepared to give up some liberties.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Spencer Parkinson: Something to keep in mind is that one of the key ideas behind a BYOD approach – and this is to benefit both the company and users – is to actually lessen the corporate footprint on personally-owned devices. As this blog post points out, however, the company is still liable for any of its data that gets leaked via a personally-owned device. One solution to this apparent conflict is for SMBs to look to mobile application management (MAM) technology. MAM lets organizations manage and secure just their apps and data without having to place a stranglehold on entire devices and subsequently incur the costs of completely managing user-owned phones and tablets.

Spencer Parkinson
Symantec