Do you feel good about your privacy and security accomplishments in 2011? You secured your firewalls? Check. You completed an audit of all the company laptops and finally put encryption in place? Check. You wrote your data breach plan and secured your insurance coverage? Check. And just when you thought the worst was behind you, at least half the company showed up in January with a new smartphone or tablet they want to have access to the network. Were you ready for this?
Most companies have historically controlled mobile access by issuing standard smartphones that could be secured and managed within the network. But more companies are realizing that employee preference for brands and the proliferation of tablets in the workforce are making this practice obsolete. We are now in the era of BYOD (Bring Your Own Device). As company control is waning, the power of mobile devices is on the rise. Mobile devices can easily store enterprise data, which makes them even more vulnerable to loss or theft. You can't afford to ignore these devices, so you must incorporate them into a secure environment. Here are five steps to take to ensure your data is secure on mobile devices:
1. Establish a Policy: A clear policy will help you guide users to choose devices you can support and better understand their responsibilities in securing those devices. A policy should outline the devices you support, the process to gain network access, required security measures, restrictions on applications and what to do in case of loss or theft. Consider establishing a remote wipe capability to reduce the risk of data loss or theft. Because technology changes so quickly, resist the urge to be too detailed in your approach. Adopt a methodology that will cover a range of devices.
2. Establish Centralized Control: Even if the device is no longer a company asset, access to company data (regardless of the device) should be centralized. Knowing who has access, what data are accessed and when they are accessed is key to any data audit. As you modify your practices, make sure you maintain compliance with regulations, client agreements and your own data policies.