Are Personal Mobile Devices a Security Threat to Your Business?

Be Structured Blog Images 0000s 0001 Layer 3

In today’s world, just about everyone has a cell phone. For businesses, that means employees have a powerful tool at their disposal—one that is also a potential avenue for distraction or, worse, dangerous security exposure. Developing a bring your own device (BYOD) policy is critical to facilitating a more mobile workforce while ensuring that your team members are using their devices to maximize productivity.

With this in mind, Be Structured, a Los Angeles-based IT support company, has outlined four key factors to consider as you begin developing a BYOD policy for your business.

Which Mobile Devices Are Allowed?

The phrase “mobile device” has become an umbrella term that a variety of electronics may fall under. Mobile devices may include cell phones, tablets, laptops, smart watches, handheld gaming consoles, portable music players, and digital cameras.

Productivity is the key to how mobile devices are utilized within the workplace. If you have a client who prefers being contacted via text, then your phone becomes your key go-to for making that client feel unique and always within your reach.

On the flip side, many employees abuse the freedom of having their mobile devices at their work station. Texting friends, tweeting updates about last night’s game or even checking Spotify to see what new music has dropped that day will kill productivity and decrease focus on the business tasks at hand.

When you develop a BYOD plan, the natural place to start is by clarifying what’s allowed and what isn’t. That way, you don’t have to worry about policy loopholes being exploited later on. Do you want employees to only be able to use smartphones during business hours? Make sure the policy explicitly states which devices are allowed and which devices have to stay at home.

Mobile Security Policies

Once you’ve established what devices are allowed, the next step is ensuring that the mobile devices your team uses won’t leave your business’s network vulnerable to security breaches. Mobile security measures can be as simple as requiring that employees use passwords and lock screens to protect the devices they bring.

You can even require that they install security software that proactively monitors devices for threats.

However, since mobile devices and the workplace have become so commonly linked, many employees unknowingly keep access to sensitive, private material from their company stored in apps or in bookmarked links on their smartphones or tablets. The company data then becomes vulnerable to a variety of ways the mobile device, and thus the business’s core data, can be breached.

The most common mobile security threats include

  • Data Leakage – usually hiding in free apps where innocent users grant permission without thoroughly checking security.
  • Network Spoofing – where phony Wi-Fi services lure users to join and create an account, often using a username and password they’ve used before.
  • Phishing Attacks – when users open an attachment on their mobile device that looks legit, but ends up infecting their entire OS.
  • Spyware – aka “Stalkerware” where an app is installed to track the owner’s whereabouts. If an employer ever asks you to install such tracking software so they can log how long you’re at a meeting, just say no.
  • Broken Cryptography – where apps have been created with weakly encrypted algorithms that leave “back doors” wide open for hackers to exploit and crawl the user’s device for passwords and other info.

Because using mobile devices at work is a privilege, not a right, a BYOD security policy is critical to protecting your business’s data and network.

While security issues relating to mobile devices remain a major concern for companies worldwide, in larger cities like Los Angeles, IT support companies can help assure that every employee’s device is set-up with the greatest security protection possible. For businesses large or small, the investment in consultation is worth the risk of breach. 

Establishing Boundaries

Since employees still retain ownership over their devices, you need to determine where your responsibilities for these devices begin and end. Your BYOD policy needs to outline what level of support your IT team is willing to offer for employee-owned devices.

How far are you willing to go to ensure that an employee’s device is able to connect to your network? Will you provide temporary devices in the event that an employee’s primary device is being repaired or replaced? By clarifying your duties beforehand, you can save a lot of trouble and miscommunication in the long run.

Which Apps Are Allowed?

Beyond establishing which devices are allowed, you also need to outline which applications are permitted during business hours. If using social media isn’t a part of the job, you may want to consider whether you want employees using social media at work.

Beyond apps that present potential distractions, apps can also create potential security vulnerabilities on devices with sensitive company data. A managed service provider in Los Angeles will help educate local business owners as to which apps your employees are using at work is the first step to ensuring that they have the tools to focus on the task at hand while protecting your company’s data.

Trust is a key component in the employer-employee relationship. You hired Bob Beluga for a reason and if you think Bob’s going to spend more time updating his Facebook profile than calling clients, then your judgement as an employer is poor to begin with.

Personal devices cannot be confiscated by employers, but if a business does want more control over what’s being used on a phone, then issue key employees who rely on mobile devices to make business happen on a company-sponsored device.

This gives the employer greater discretion as to what the employee can and can’t access during business hours to the point of even blocking specific apps for safety like social or cloud-based apps on that phone.

Learn how a Managed Service Provider like Be Structured can help your organization better develop a BYOD policy.

About Chad Lauterbach

CEO at Be Structured Technology Group, Inc. a Los Angeles based provider of Managed IT Services for small business. I desire to help small businesses better utilize technology by assisting in high level planning to make sure that new systems will benefit them both operationally and financially. I am careful to implement and support systems using industry best practices.