With online security threats becoming a daily challenge in many industries, most IT managers are focused on shoring up network security. With the focus on computer hackers and online security breaches, little attention is given to the risk and liability that nearly every company has in its wireless usage. However, if companies would just pay the same attention (or even a fraction as much) to their wireless platforms as they do their IT platforms, major liabilities would be mitigated.
According to a recent survey by In-Stat research group, only half of all mobile devices used for business are actually paid for by the company, making cell phones, BlackBerry devices, and PDAs unlike any other piece of office equipment. However, the amount of information that flows across these devices often rivals what is on the computer in today’s mobile workforce. In most cases, there isn’t a policy of any sort in place to protect companies from risks presented by these devices.
There are two main issues that present a risk to companies that rely on mobile devices.
Corporate Reimbursement of Wireless Expenses
In many cases, an employer reimburses employees for a portion of their wireless expenses, but the phone belongs to the employee. The employee has all professional contacts synced with his PDA phone, owns the phone, and pays the bills. When the employee leaves, he takes his phone number (which all of his clients have) and all of the data on the device – if the company doesn’t own it, the company can’t keep it.
A company would never let an employee keep a PC – so why would they let him keep his mobile office phone number and client data?
No Formal Wireless Policy
Companies that own their wireless service — meaning the company provides the phones and negotiates the rate plans — have made a tremendous first step toward wireless security. However, many companies either do not have or fail to enforce a formal, effective wireless policy. Virtually every company has an employee manual, but few address wireless use.
An effective wireless policy should accomplish three things. The policy should:
define how the devices are used (and not used);
define why it is necessary to have corporate oversight; and
define what happens if the employee leaves the company.
It can be simple – the point is to have something in place and enforce it.
Software solutions also exist to ensure complete protection, especially for the BlackBerry and other PDAs, where much more detailed information is often created and shared. For example, BlackBerry BES software has the ability to totally control a mobile device by giving IT management the ability to require a password and even completely wipe a lost device clean of all data. The software also allows IT management to restore the data if the device is found.
As a professional with more than 15 years in the wireless industry, I advise you to bring your wireless program in-house – you will actually save money with corporate discounts, volume purchasing, the right provider, and the benefit of consultative advice from a wireless expert.
Once you’ve taken this step to control the lines, then you must create and enforce an effective wireless policy. If you’d like to see sample wireless policies, or just want advice on what your wireless security program should include, email me at firstname.lastname@example.org.
We’ve all witnessed high-profile corporate scandals related to online security shortcomings. The wireless telecommunications industry is in widespread agreement on one point: It isn’t a question of if there will be similar challenges related to wireless security; it is only a matter of when. As usage of mobile equipment, especially BlackBerry and similar “smartphones” continues to expand well beyond upper management, risk will continue to increase. The same challenges we face with PC’s – viruses, worms and hackers – will begin to surface within mobile data as well.
Spend some time now (and it doesn’t take much) securing your wireless program to save yourself time and unnecessary risk in the future.