How many of your employees have smart phones? Probably a high percentage. If so, do you recognise the risks that employees with smart phones can pose to your organisation?
First of all consider what might happen if an employee lost their mobile phone. Inconvenient for them of course.
But what if they have synched Outlook with the phone? Someone who finds it could have access to emails, office contacts, their work calendar…
If that is the case then you will want to know that their phones are protected with a good password. But you also need them to agree to allow remote locking and wiping on their phones so that if they do lose their phone you won’t lose confidential information.
Smart phones can be turned into spyware.
Malware can be used to hack into content on smart phones meaning that sensitive emails and office calendars can be read by outsiders.
But there’s worse. There are freely available apps like flexispy that can remotely spy on call logs and emails; track location; and even record surroundings. A phone that contains software similar to flexispy could potentially create an audio record and even a video record of a business meeting with the owner totally unaware.
At present this would probably involve someone having access to the physical device, unless of course the user downloads malware masquerading as a genuine app that requires access to the devices’s microphone or camera.
Education is key. And there is a case for insisting that employees who wish to bring smart phones into your premises are obliged to install appropriate protection software. You might even want to go as far as forbidding the presence of mobile devices (including iPads) in important meetings (which if you want to improve productivity wouldn’t be a bad idea anyway!)
Do you want your competitors to know where your employees are? What if you are negotiating a tie up with company in another city? Or investigating whether to export o an overseas territory?
You don’t need to have a phone infected with malware to give this information away. An employee taking photos and uploading them to a social media platform might accidentally disclose this information for instance via the Facebook Timeline Map.
If the location of an employee is at all sensitive then you need to educate them to edit the location settings on their phones and their Google accounts.
Managing the risks
The more employees’ personal mobile devices are given access to corporate information, the greater the requirement for organisations to understand and take action to manage the risks of information leaking those personal devices.
Educating employees about the risks is the cornerstone of any strategy. But a requirement that employees implement security software on any personal devices brought into a corporate environment is also increasingly important.