Particularly for small and emerging businesses, encouraging employees to use their own devices – smartphones, tablets and perhaps even laptops – for work purposes is a way to keep the hard costs of going-to-market down.
The problem is that when devices are not company owned, it’s more difficult to ensure that proper security measures like anti-virus software, secure internet settings and firewalls are installed, properly managed and regularly updated.
Even when employees use devices that belong to them, not on loan from a friend or relative, it is unlikely that a business owner can exercise complete control over devices not company-owned.
Giving away control of company information is not a fair price to pay for the use of employees’ devices because the fact is that hackers are not the greatest risk to a company’s security.
Whether inadvertently careless or intentionally destructive, it is employees that are the greatest threat.
These mobility-related security measures will keep your on-the-go business protected:
Your IT policy must be mobile too
Include specific guidelines regarding the use of company- or employee-owned mobile devices in your IT policy. Everyone from top management down must be held to the same policy for it to be taken seriously, and because top management can also be responsible for security breaches.
Security basics are not negotiable
Insist on anti-virus and malware software on all mobile devices used on the company network, and don’t expect your employees to pay for it. Chances are that staff won’t remember to update their software on their own so automate the process as much as possible.
Take advantage of built-in security
All modern mobile devices have a degree of security built into the operating system, so use it. Password-protect devices, use lock-screens and consider remote access options that allow you to wipe machines that are lost or stolen.
Apple devices offer ‘Find My iPhone’, and ‘Android Device Manager’ similarly allows users to locate misplaced smartphones and tablets before company data on the devices is misplaced too.
Don’t forget to protect your network
As a minimum, protect your network with a managed virtual private network (VPN) and a dynamic firewall to encrypt network communication.
A VPN is a gatekeeper that verifies permissions when data is transferred between mobile device and business IT network.
Ask if employees have to be mobile
Consider the degree to which employees need access to company information to do their jobs, and manage their access to sensitive data accordingly.
For example, consider whether new employees require full access to your network immediately, or whether you can delay access to the completion of a probation period. By limiting access to your valuable data, you limit the fallout from a security breach.
Related: The Internet of Things
Even when employees leave the company under the happiest of circumstances, it is important to disconnect them from the company network, and prevent access to company data timeously. Consider retaining the ability to remove company data from a device remotely just in case an employee leaves the company involuntarily.
Taking risks may be in an entrepreneur’s DNA, but a cautionary approach to IT security – mobile or otherwise – is good business practise that allows SME owners to take full advantage of trends like business mobility to manage and grow their companies.