Fashionable But Vulnerable: Mobile Devices In The Workplace

Many organisations are replacing desktop PCs with laptop computers and rolling out tablet computers and smart phones to teams working outside of the office. These mobile devices are contributing to improved efficiency and are undoubtedly popular with employees, but they are also inherently vulnerable. To minimise the risks, organisations must develop specific mobile device management policies – and then enforce them.

The figures make interesting reading. In 2012, Gartner predicts that PC sales will reach about 400 million units worldwide. This sounds a lot, but Gartner also forecasts that over 600 million smart phones and 100 million tablets will be sold in the same period, indicating that mobile devices are now significantly outpacing traditional PCs in popularity.

An increasing number of these mobile devices is likely to be employed in corporate environments. Organisations, large and small, are now using tablets and other portable computing equipment to realise significant improvements efficiency. Indeed, in a survey of 6,275 global organisations, conducted by Symantec (2012), 70% of respondents said they expected smart phones and tablets to increase employee productivity.

Whatever their potential value, mobile devices nevertheless pose an enormous security risk. They are, after all, easy to accidentally misplace and highly lucrative prizes for opportunistic thieves. If lost or stolen, smart phones and tablets could be used to gain unauthorised access to corporate systems, steal data and maliciously infect core business applications.

Given the risks, it is absolutely essential for organisations today to have a comprehensive mobile device management policy in place. This policy must cover security policy, application control, configuration control and a host of other precautions.

Ten important points to address in a company policy include:

  • Password protection across all mobile devices, enforced for all users
  • Encryption of all data on local memory and removable memory
  • Methods of installing, disabling, removing and controlling permitted applications
  • The use or prevented use of public WiFi networks and Bluetooth in some locations
  • Provision and maintenance of anti-malware software
  • Regular data back-ups
  • GPS and tracking mechanisms to detect the location of devices
  • Secure methods of connecting to the corporate network to exchange data (such as a virtual private network)
  • Effective management of assets: who has mobile devices, where, when and why
  • Access to IT support and maintenance for remote workers

Once a company policy has been developed, it is of course essential to enforce it. Employees must be educated on the importance and relevance of the policy and measures should be put in place to monitor their adherence.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Simon Heron is Internet Security Analyst at Network Box (UK), a managed security company, where he is responsible for developing the overall business strategy and growth. Simon has more than 16 years experience in the IT industry, including eight years experience in Internet security. During this time he has developed and designed technologies ranging from firewalls, anti-virus, LANs and WANs. Prior to Network Box, Heron co-founded and was Technical Director of Cresco Technologies, a network design and simulation solution company with customers in the U.S., Europe and China. Before that he worked for Microsystems Engineering Ltd, as a Project Manager, where he implemented network security for the company.