By BARRY HERRING
If you ask people what IT security means, you are sure to get a different answer from each person who answers the question. Working with companies every day, we are constantly communicating the need for security and trying to find that balance of what is needed and falls within their budget.
Let’s talk specifically about mobile security. Smartphones, laptops, tablets. Mobile devices are becoming a gigantic part of the daily business landscape. Working at a jobsite, working from home or working while traveling, most people possess a minimum of two mobile devices, typically a smartphone and a laptop.
Smartphones are a critical part of any security-related discussion. Many people forget about them and what they mean to our daily lives. First, most people, not their employer, own/lease their own smartphones. Unless your company issues smart phones, most employees will use their own smartphone for convenience. Because good employees want to stay on top of their work emails, they will configure their smartphone to retrieve company emails from the server, downloading emails that may have client data, company data and – depending upon their job – confidential employee information or attachments that contain confidential company information. This information could include employee contact information such as home addresses, personal cell phone numbers and clients’ contact information.
If an individual loses or has his/her smartphone stolen, his/her first reaction is to replace it. No need to tell the company, the individual often assumes, because it is not the employer’s phone. But what about the data on the lost or stolen phone? Much of that was company property. Now the real struggle begins. Who now has possession of my company’s data? What do they have? Are they in possession of my clients’ information, projects/bids details or potentially the proprietary work our firm produced for them?
How many employers or managers reading this article have overheard an employee say something like this? “I was on the jobsite the other day, left my truck unlocked and my phone was on the dashboard. When I got back to the vehicle, the phone was gone.” Or “I left my phone at the restaurant last night and someone took it.” Smartphones are easy targets. Most are small and easily fit into a pocket. No one notices someone with a phone in his/her hand. They are everywhere. Easy access to confidential information also applies to laptops and tablets that are misplaced or stolen.
If you have mobile device management (MDM) for these devices, you are able to do many things, some of which include the following:
- Remotely change the password and tell the device to lock itself. If the phone is recovered, the user can log in and change the password.
- Do a remote wipe of selected data, email accounts and/or company-installed programs.
- Do a complete wipe and remove all company and personal data.
- Track and locate the piece of equipment when it is turned on.
What can be accomplished depends upon the MDM software you choose. Most are managed by a central portal (website) that can be logged into from anywhere by an administrator and select features can be executed.
If your company does not have a Bring Your Own Device (BYOD) policy, you may need to create one for your employees. The BYOD policy will need to cover items such as this: If employees want to set up access to company email, access company data or install company software, they will have to allow the device to be set up with MDM. The policy may likely also need to cover how much time is allowed before an employee must report a lost or compromised device. This policy can be very comprehensive or brief, depending upon what best suits your organizational needs.
If your company does indeed issue mobile devices to employees and one of these devices is lost or stolen, an additional benefit of MDM is that you can set it up to deploy and configure applications from a central location. If you have software, email or data that you want to be deployed to a mobile device, you can push it out to all or selected devices.
Barry Herring is CEO/president of CMIT Solutions, a St. Charles/Chesterfield-based provider of enterprise-level services, products and expertise. Herring can be reached at 636.489.3669 or bherring@cmitsolutions.com.