We don’t need studies and surveys to confirm what is evident in a growing number of business environments today: more and more employees are using their personal smartphones for work; the line between personal and office use is becoming ever so blurred.
The era of the ‘mobile employee’ is here whether people accept it or not.
What does this mean for IT management in organizations? It is certainly a new challenge that brings with it added pressures to keep the network secure, running effectively, properly managed and flexible enough to cater to the needs of those employees who want (need) access to confidential corporate data about the physical workplace.
Computer World recently issued a white paper discussing the ‘mobile’ challenge and how businesses, regardless of size, can address it. The following are some basic steps and recommendations that IT management should take to manage the growth in usage of employee-owned smartphones in the workplace:
1. Come up with a smartphone policy that works best for your business
Mobile strategy experts argue that it is backward logic to ask if all smartphone devices should be incorporated into the network or just some of them (if not a single model), adding that the kind of devices allowed within the network should be dictated by a policy that should already be in place.
The various models and a different OSs are not of much a concern if security measures (such as password protection, data encryption, and remote lock) and management capabilities (such as a remotely wiping out company data from a device) are in place.
The same process for creating strong passwords for computers can be adopted for smartphone use: the more obscure, the better and stronger the password. At the very least, basic security and malware protection should be present on every device; if they are not compliant with the policy, they are not allowed on the network.
Although the internet has become a platform for criminals to target businesses and compromise their systems, more often than not, the biggest danger to a business’s security is its employees because they have access rights to company-sensitive information. This is why a smartphone policy is a must (even if none of your employees is ‘mobile’ yet).
2. Educate your employees
Once the policy has been created, IT management needs to enforce it and ensure all employees are aware of what the policy says. Organizing meetings for each department is a good start and it is also an opportunity for employees to ask questions, raise concerns, and also provide feedback that may be incorporated in a revised policy.
Management should also emphasize that once employees connect their personal smartphones to the office network, the personal data and ownership could be affected. Case in point, if a smartphone has been connected to the office network and is reported lost, the IT management of the company can remotely wipe out all data on the smartphone, even if that includes the employee’s personal files (images and video clips).
The same situation may arise when an employee leaves the company. Furthermore, certain applications on the smartphone and certain capabilities (multimedia, such as the camera), GPS and USB connectivity can be disabled by the IT management.
“There are legal implications to an inclusive smartphone strategy that suggest IT management might want to consult with corporate legal counsel. For instance, hourly workers who email with managers after work hours may be able to claim overtime benefits. A clear policy must be in place that delineates work-related functions and their proper execution, including appropriate work hours,” the experts advise in the white paper, adding: “Be strict, but not too strict. It’s important to be consistent…”
3. Improve. Improve. Improve
The smartphone policy should not be something that is etched in stone or left to collect dust in the IT’s backroom. IT management need the policy to be as flexible, efficient, and adaptable to new and advanced smartphone technologies. IT should be prepared to regularly amend the policy to maintain standards (if not enhance them) but without compromising security and the business’s capability to manage these devices.
Taking a proactive approach to this growing ‘mobile employee’ trend in business environments is important for IT administrators. Acting now before the crunch is way better than trying to address the ‘problem’ in piecemeal fashion when it’s too late and decisions are harder to make and policies harder to enforce.