Safeguard company data on employee phones
The following was originally published on May 29, 2016 on Seacoastonline.com.
Everyone has a mobile device, be it a smartphone or tablet. One of the key questions most business owners and managers have is whether the company should provide these tools to employees who need them or if they should allow the employee to use their own device
Whether a company should provide a smartphone and/or tablet to an employee or allow them to use their own may be driven by a number of factors. Among these factors are cost, standardization, position with the company, department and job role, just to name a few. Regardless of the decision, whether company-wide, department-wide or employee by employee, one thing you have to be sure you have in place is an appropriate mobile device policy the employee signs.
If you allow one or the other, it’s a bit easier in that you only need one policy document. If not, you will need to have one policy document for company provided mobile devices and one document for employee owned devices that are allowed to connect to company resources.
A mobile device policy document should address several critical aspects of employees’ use of these devices. These include statements related to mandatory compliance with the policy, enforcement and changes to the policy, standard definitions so there will be no confusion about what the policy refers to, supported devices, permitted and restricted uses, approved company applications, privacy and monitoring, erasure and preservation of data, sharing of devices and reporting of lost or stolen devices. Also to be included should be costs, usage, security and confidentiality as well as personal use and personal data on the same device as company data.
The policy should identify the device or devices assigned to the individual and be signed by that individual. Included in this policy of a companion policy document should be a clear statement about texting while driving, mobile device use while driving and adherence to any state laws where the employee or operating related to mobile devices. More and more states are adopting these laws. In fact, New Hampshire has one of the toughest hands-free laws in the nation. Be sure you understand it clearly.
A consideration specific to employee-owned devices is how to appropriately secure any company data on the mobile device. Any mobile device connected to company resources should be governed by mobile device management software that allows you to control what devices connect to company data as well as remotely wiping those devices in the event of loss, theft or termination of employment, regardless of the cause. The only issue with this specific approach is that any personal apps and data on the mobile device will be lost if it is wiped. Therefore, you need to be sure your mobile device policy makes it clear the employee is responsible for backing up their personal apps and data on the device as it could be lost.
Better technology is also available to help with this. Mobile device management tools exist that allow you to specify not only which devices are allowed to connect to company resources, but more importantly, what apps and data are company apps and data. This allows a mobile device to be selectively wiped, only erasing apps and data that belong to the company, leaving the personal apps and data intact. This type of technology presents a much more effective way to manage these devices while being certain company policies and data are properly safeguarded.
If you have employees using mobile devices, even if just to access email, be sure you have these things in place. If you have not been audited for these requirements yet, it’s only a matter of time, so be proactive and get these policies and technologies in place to protect your business.