Smart phones can boost productivity among small business employees but the conveniences of the devices aren’t without risk. From data breaches to mobile viruses small businesses put their operations in jeopardy when employees use their smart phone for both work and play.
“Small businesses and large businesses have the same problem: controlling smart phones,” says Larry Ponemon, Chairman and Founder of the Ponemon Institute, a research firm. “Everyone has it and everyone uses it even if there’s security related problems.”
Long gone are the days when mobile phones were used simply to make calls. These days smart phones are just as powerful as laptop computers, enabling users to do a host of things that used to be reserved only for a PC. But the added capabilities and massive adoption rate have made the phones targets for fraudsters. Data theft is the main threat, but viruses and malware designed to capture sensitive information have also been emerging. While the risk is shared across all size businesses, small businesses are easy prey for these attacks.
“Small businesses are being targeted a lot more these days because there’s the presumption that small to mid-sized business don’t have the same security measures or personnel in place that the large businesses do,” says Tom Field, editorial director for Information Security Media Group. “They are getting fleeced by cyber thief’s that are able to use malware to hijack online banking accounts.”
But before you ban what is becoming ubiquitous if not a necessity among the professional sect, follow these three tips to balance smart phone security with convenience.
Have a plan
Let’s face it chances are high your employee is going to have a smart phone and that the employee is going to want to use that phone for work as well as for play. Instead of fighting something that can boost productivity, embrace it smartly by putting in place policies governing what employees can and can’t do with their phone.
According to Ponemon make it clear that employees shouldn’t visit questionable Websites or download unfamiliar content while connected to the company network, nor should they store old email attachments on their phone that could fall into the wrong hands if the device is lost or stolen.
Field of Information Security Media Group says small businesses should also incorporate penalties into the policies like limiting remote access to sensitive data if policies are broken. “People are very casually logging on to their email or going to the company site using a smart phone all the while they have critical data,” says Field. “You’ve got to have policies established as what can and cannot be accessed.” It’s not enough to verbally explain your rules, both said the policies should be in writing and employees should sign an agreement, similar to how companies make employees sign Internet usage agreements.
Protect data if phones are lost or stolen
While viruses and malware are starting to pop up on smart phones, the biggest risk for small businesses is lost or stolen mobile devices. “It’s a very common scenario in major cities,” says Khoi Nguyen, group product manager at Symantec, the security software company. Thieves are targeting smart phones not only because of the value of the device but also because of the data both corporate and personal that resides on it, he says.
To protect the business, Nguyen says companies need to have a pass code policy in place and enforce it. That way if the device is lost or stolen the thief won’t be able to access any data on the phone unless the password is hacked. To feign off more advanced scammers, Nguyen says the company should also require encryption to be enabled on all the phones. With encryption, even if the phone’s data is accessed the scammer won’t be able to read it.
When all else fails, the phone should have some sort of software on it that will remove all the corporate data. “A lot of companies when they do allow personal devices in the environment require employees to sign an end user agreement that it’s possible they may need to remotely wipe the device including personal data,” says Nguyen.
Surf with caution
Just like with a computer, smart phones make it very easy to surf the Web, download apps and even click on links that may not be safe. To prevent any viruses from ending up on the network, Ponemon says companies have to make sure the devices are clean before they are connected o the network. According to Ponemon antispyware and antimalware software is relatively inexpensive and is designed to clean the phone of any infections.
If the employees surf the Web in a public setting, Nguyen at Symantec says the employee should use the company’s virtual private network whenever possible. Lots of smart phones have built in capabilities that enable the user to access a company VPN, preventing them from surfing via a fake WiFi hot spot that could be designed to capture data, he says.
“These things do cost money,” says Ponemon of smart phone protection. “Small businesses may have to spend $300 to $400 per smart phone which may not seem like a good investment until they lose the device.”
