These five tips can help you find the balance between keeping your organization's data safe and preserving your employees’ right to privacy.
- Define and publish your policies.
Security and privacy are not the same thing. Organizations should have well-defined mobile device policies that cover both company-issued devices and employee-owned devices. Similar to privacy policies on websites, a mobile use policy should spell out what device data will be collected and how it will be used. Make sure employees are aware that personal information may be exposed or erased in the event that a device wipe is required. Employees will need to acknowledge and accept your mobile device policy before their devices are allowed to connect to the network.
- Collect the minimal amount of data necessary.
If your organizational needs don't require gathering data from employees' devices, then don't collect or store this data. In fact, Gartner recommends that organizations disable location monitoring by default, unless it's essential for regulatory or business purposes. As a practice employers need to avoid monitoring location data unless it is required for compliance or other real business need.
- Protect data without impacting personal apps.
To protect your organization’s sensitive data, use mobile application management tools to containerize, manage and protect applications. This will keep enterprise data separate from personal data and their privacy protected. If your employee's device is lost or stolen, you have the ability to perform a selective wipe if your data is stored in a container. Other tools such as cloud access security brokers can help limit access to files and data stored in the cloud, and organizations should insist on mobile devices that support encryption for the data that is stored.
- Provide employees with apps to secure devices.
Define standard configurations that prevent devices from automatically connecting to unknown networks. This configuration should be applied before you allow employees to use personal devices for business use. One way to accomplish this is to create a company app store where employees can obtain the necessary applications, such as approved antivirus software, to keep malware from reaching devices.
- Make employees your partners in data protection.
Educate your employees on how to avoid phishing scams, unsafe downloads and malicious links that could install malware on their devices and ultimately infiltrate the organization's network. Make sure employees understand the importance of strong passwords and how to backup their personal data, so they'll be able to restore their own information if an incident requires wiping of the device. Employees who don’t understand the privacy policies and associated risks may be less likely to report a lost or stolen device.
Mobile Threats on the Rise
Mobile threats are on the rise, and it's more important than ever that mobile device security is part of your overall network security strategy. The growth of the cloud has increased the potential for data leaks, and organizations need to address the need for security protocols without compromising employee productivity or privacy.
Our mobility experts can help you understand the threat landscape, assess your current infrastructure for weaknesses, and suggest a roadmap for keeping your data and your employee devices safe. Contact us for more information or a complimentary consultation.