Many organisations are replacing desktop PCs with laptop computers and rolling out tablet computers and smart phones to teams working outside of the office. These mobile devices are contributing to improved efficiency and are undoubtedly popular with employees, but they are also inherently vulnerable. To minimise the risks, organisations must develop specific mobile device management policies – and then enforce them.
The figures make interesting reading. In 2012, Gartner predicts that PC sales will reach about 400 million units worldwide. This sounds a lot, but Gartner also forecasts that over 600 million smart phones and 100 million tablets will be sold in the same period, indicating that mobile devices are now significantly outpacing traditional PCs in popularity.
An increasing number of these mobile devices is likely to be employed in corporate environments. Organisations, large and small, are now using tablets and other portable computing equipment to realise significant improvements efficiency. Indeed, in a survey of 6,275 global organisations, conducted by Symantec (2012), 70% of respondents said they expected smart phones and tablets to increase employee productivity.
Whatever their potential value, mobile devices nevertheless pose an enormous security risk. They are, after all, easy to accidentally misplace and highly lucrative prizes for opportunistic thieves. If lost or stolen, smart phones and tablets could be used to gain unauthorised access to corporate systems, steal data and maliciously infect core business applications.
Given the risks, it is absolutely essential for organisations today to have a comprehensive mobile device management policy in place. This policy must cover security policy, application control, configuration control and a host of other precautions.
Ten important points to address in a company policy include:
- Password protection across all mobile devices, enforced for all users
- Encryption of all data on local memory and removable memory
- Methods of installing, disabling, removing and controlling permitted applications
- The use or prevented use of public WiFi networks and Bluetooth in some locations
- Provision and maintenance of anti-malware software
- Regular data back-ups
- GPS and tracking mechanisms to detect the location of devices
- Secure methods of connecting to the corporate network to exchange data (such as a virtual private network)
- Effective management of assets: who has mobile devices, where, when and why
- Access to IT support and maintenance for remote workers
Once a company policy has been developed, it is of course essential to enforce it. Employees must be educated on the importance and relevance of the policy and measures should be put in place to monitor their adherence.