It’s more the rule than the exception these days that mobile devices are employees’ preferred computing endpoints. The ubiquity of mobile devices, combined with near 24/7 use, can provide a big boost in employee productivity, but it also increases the risk of data compromise exponentially. SMBs, which often work with a mix of in-house and freelance professionals and may have fewer security and IT resources than larger companies, are especially vulnerable. However, there are steps that companies can take to mitigate risk while exploiting mobile technology.
A recent Forrester survey shows that some 43% of small-business owners say they’re prioritizing data mobility. Indeed, sensitive company information is increasingly being accessed and stored on mobile devices–some corporate-owned, some personal–which increases the risk of compromise.
Companies have to take precautions to make sure that data is protected, but they don’t have to panic: Here are five crucial steps organizations must take to keep data, employees and customers safe, even in the ever-changing bring-your-own-device (BYOD) environment.
- Analyze: Root out potential pain points that may arise from the use of personal devices for business purposes. For example, is there information that simply should not be accessed and/or stored on a mobile device? Are there categories of users who absolutely must have mobile access to certain applications and data? Will that access warrant increased security measures?
- Engage: Survey the types of mobile systems used by your employees now, and keep an eye on device, mobile operating system and app news–you want to anticipate what mobile hardware and software employees will be using in the future, as well.
- Set policies: Policy is key: You must explicitly inform users about what they can and can’t do, and get them to sign off on these rules. Policy should determine, among other things, what devices will and will not be supported. When it comes to who gets access to your network, set parameters based on employee/contractor role and location. Also, your team members invite greater risk every time they connect to unsecured wireless networks, download and install unapproved apps, visit possibly malicious websites, and/or leave their mobile device unattended. Your policies should cover these activities, as well,
- Plan ahead: Map out the procedures to be taken when devices are lost, stolen or damaged. Encourage reporting and honesty.
- Implement monitoring and defense: Research vendors and decide what kind of IT technology and assistance makes sense for your business. Spending money on technology like internal app scanning and external monitoring can save you the expense of financial damage and ruined reputation by finding evidence of spam and malware activity before it becomes a public disaster.
You can’t stop every criminal out there or prevent every end user from doing careless things. However, with some thought and planning, you can keep your small business — and its staff, customers and partners — safe while providing them with all of the opportunity that mobile technology affords. A little work now saves a lot of grief later, so spend some time on your mobile data security plan.