Professional Service Agreement

Security Concerns: Smart Phones, Laptops, Etc.

The bring-your-own-device (BYOD) movement may be popular with employees, but it may also be putting corporate data at risk due to a lack of adequate security controls, employer policies and employee education, according to a survey conducted by Coalfire, an IT governance, risk and compliance services company.

Calling BYOD-where employees bring their smart phones, tablets and laptops to work and connect to corporate networks-a "megatrend," Coalfire said that the movement toward employee-owned devices is introducing a number of new security risks and that companies need to do much more to protect their infrastructure.

Mobile Device Security Begins with a Password

The study found 47 percent of respondents have no pass code on their mobile phone, even though 84 percent of individuals stated that they use the same smart phone for personal and work usage.

Mobile device security appears to be best understood when a laptop is being used, the survey found: 80 percent of laptop users employ passwords. Only 58 percent of tablet users employ this important layer of protection.

When they learned that a strong password meant using at least 8 characters, including letters, numbers and symbols, just half of smart phone user respondents claimed to have strong passwords. Tablet and laptop users were more confident, with 62 percent and 76 percent claiming to have strong passwords.

Company Policies Also to Blame for Weak BYOD Security

Employees are not solely to blame for potential security risks associated with BYOD. Sixty-one percent of respondents said they had no knowledge of a company social media policy, and 62 percent said the same about policies for mobile device usage.

Only 25 percent of the survey takers reported a discussion from IT about mobile security, and a whopping 79 percent of respondents didn't know that IT could deactivate and erase the data on lost devices.

Recommendations to Help Secure Data on Mobile Devices

Coalfire offered the following recommendations:

� Create a mobile device policy and communicate it early and often. Make sure your employees read and sign off on the policy. Then conduct training and test proficiency.
� Use all methods available to control access to company data on mobile devices. Some of the most effective mobile device management and network access control solutions include capabilities that already exist as features of the enterprise communication platform.
� Be aware of what employees can access with their devices and zealously enforce strong passwords and password rotation.
� Regularly test your defenses to make sure that infected machines and careless users don't place your organization in jeopardy.

Mobile devices have arrived in the workplace, and it's a win-win situation when employees provide their own devices, helping to lower costs and increase productivity. But you must know the risks and manage them.

SESCO Management Consultants is available to assist with your human resource issues. You may contact us by phone at 423-764-4127 or by email at sesco@sescomgt.com.