Today, smartphones, laptops and removable media provide opportunities for businesses to increase productivity by transforming a workplace formerly constricted by office location and core hours to one where customer needs are addressed anytime and anywhere. By utilizing mobile devices, employees can access business records and applications away from their desk, reducing employee downtime and improving customer satisfaction.
The mobile world is transforming the workplace through:
- Mobile devices supporting email, web browsing, data storage and enterprise mobile applications
- Ubiquitous, high-speed, broadband wireless data networks transporting mobile device communications over the Internet
- Information systems infrastructure allowing teleworker access to business records and software applications anytime, anywhere
However, the use of mobile devices for everyday business activities also introduces significant risk. Devices can be lost or stolen. Employees may download malware-infected applications and files to their devices. Unauthorized parties can eavesdrop on confidential communications. Hackers can use mobile devices as entry points into the corporate network, placing the business at risk. A comprehensive information systems security policy is required to address these and other risks.
A security policy outlines the appropriate handling of confidential business records and communications, identifies scenarios that could lead to information loss or leakage and determines countermeasures for mitigating risk, thereby ensuring safe and secure mobile business operations. Countermeasures can include device locks, firewalls blocking hacker attacks and employee training on proper device usage. Managers, IT specialists, business analysts and other stakeholders work together to construct and implement a security policy.
Under an effective security policy, devices are managed. Employees can access business assets only through managed devices, authorized applications and approved encryption for data communications. Moreover, to ensure that malware issues are resolved, devices must have up-to-date software versions and patch levels.
A security policy defines procedures for device handling. Employees are trained to lock a device while it is unused and only enable authorized device applications and resources. Downloading of games, applications and files for personal usage should be prohibited.
Policies should allow employees access to business records and applications only after an authentication process. Furthermore, an employee is authorized to access only the business records and applications specific to their job, in accordance with Role-Based Access Control.
Mobile devices are essential for business service delivery that maximizes customer satisfaction. A strong information systems security policy provides businesses with a framework for assuring that productivity gains promised by a mobile world will be realized safely and securely.
Daryl L. Thompson is founder of Thompson Network Consulting LLC. He has 15 years of experience in implementing secure data networking solutions for businesses of all sizes. For more information, please visit www.thompsnet.com or email darylthompson@thompsnet.com.