Mobile Devices in the Workplace: Risk v. Reward

Mobile devices. If it seems like they’re everywhere, maybe that’s because it’s true. Apple sold more than 20 million iPhones in the third quarter alone and a recent survey suggest that consumers are buying Android devices at an even faster rate than they’re buying Apple devices.

This explosion of mobile technology has businesses struggling with a new challenge: What do we do when employees want to connect mobile devices to the network?

The easy solution to this challenge is to hand it to the information technology manager with the statement, “Just make it work.”  However, this isn’t an IT decision.

Jerod Brennen

It’s a business decision.

The benefits of permitting mobile devices in the workplace can be numerous. Embracing mobile devices can be a positive branding move. It can result in increased flexibility and availability for employees. Operating expenses can be reduced by providing employees a stipend for mobile devices, a stipend that is less than the cost of purchasing and supporting those devices internally.

The risks of permitting mobile devices in the workplace are equally as numerous. What happens when a mobile device is lost or stolen? Is there sensitive company information stored on that device? If the device still has access to business systems, could a malicious individual gain access to those systems? Best case, the malicious individual causes damage that takes those systems temporarily offline. Worst case, your company ends up in the news as the subject of a data breach story.

Again, this is a business decision. Risk versus reward.

While you could hang a sign above your company’s entrance that reads, “Abandon all mobile devices ye who enter here,” it is possible to enable employees to securely use mobile devices for business purposes.

The very first thing you need to do is document your mobile device policy. Determine what is acceptable to the business and what isn’t, and then write it down. What types of devices are permitted to connect to the network? How do employees request approval to add their device to the network? What can employees expect in terms of privacy as soon as their device is connected? What happens to that device (and the data) if an employee leaves the company?

Once that policy is in place, the next step is to train your employees on that policy. Let them know what’s expected of them. Chances are that your company already has a training program in place for new hires. How simple would it be to add a section on mobile device usage to the existing training? More importantly, remind your employees at least once a year about that policy.

It’s important that this training addresses how employees can mobile devices securely for non-business purposes. Are they using mobile devices for online banking? Online shopping? Facebook? Train them on how to be secure with their mobile devices in these scenarios, and those same habits will carry over to their mobile device usage for business tasks.

Once you’ve addressed policy and training needs, now it’s time to hand it over to IT and let them do what they’re best at. Engage the information security team to determine security settings for devices. Settings such as passcodes, automatic screen locks, and Bluetooth connectivity need to be configured securely.

You’ll also need to implement a system to manage devices that connect to the business network. Mobile Device Management systems are capable of tracking lost or stolen devices, remotely installing company approved software (or deleting unapproved software), and remotely removing data from a device to prevent a possible data breach.

If it makes sense to use mobile devices in your company, you don’t need to say no. You can say yes, as long as you say yes securely.