The numbers say it all: sales of mobile devices are slated to surpass sales of personal computers by 2012. Users accessing email are doing so more and more from mobile devices. And all these new devices are infiltrating the workplace to boot.
Today’s mobile workforce are bringing their own devices to work (BYOD—bring your own device—is becoming the latest acronym in the workplace). Companies know to ensure the safety of their networks from the onslaught of personal mobile devices. But as an end-user, what should you do to keep your personal device—and the information it holds—protected while connected at work?
There’s really just one simple thing you should know before logging on to your company’s network. According to Andrew Borg, senior research analyst, wireless and mobility at Aberdeen Group, it’s your company’s policy regarding mobile device use.
Policy? What policy?
It may sound simple, but being and staying well-informed of corporate policies will benefit both you and your employer. Here’s why: it’s not all your data even if it is on your device. What you access from your company is more or less on loan—you can use it while you’re there, but you can’t take it home for good.
Imagine if you lose your smartphone. Before you can call the restaurant where you believe you’ve left it, your company may have already wiped the contents—both theirs and yours, permanently.
“End-users should understand that there’s an implicit ownership of any corporate data they may access on their personal devices,” says Borg. “At no point will the corporation say you own the corporate data on your phone just because it’s yours.”
Who controls the data on your mobile device?
Also bear in mind that if the organisation can control access to its data on the device, it has the right to erase it. That means you could lose everything from irreplaceable pictures to purchased music files and personal contact information. It’s unlikely that an organisation will take its intellectual property on your missing device lightly. And your personal data is the least of its worries.
It’s not just your company’s prerogative to enforce policies on personal device use at work; it’s wise for end-users, too. If you know what to expect when your personal device is compromised, you’ll know how to protect your personal information.
According to Borg, end-users should ask the following of their companies before logging onto the network:
What is the corporate use policy?
How will it be enforced?
What is the expectation regarding disposal if the device is lost or stolen?
Is my device approved?
Is the device up-to-date with the latest versions of software?
What happens when I leave the company?
It should be noted that keeping your device’s software up-to-date is always advisable–as is backing up your personal data regularly. Ensuring these basics are standard best practices, regardless of where, when and how you use your mobile device. But they’re doubly important when you decide to entangle your business and personal lives on one mobile device. Especially if your company clearly states that once you’re gone, so is all the data on your smartphone.
The benefits outweigh the costs.
But as Borg notes, “We’re dealing with these hassles because mobility is such an advantage. There will always be risks that come with such huge advantages.”
Advantages like increased productivity, connectedness and employee control. “Think back to the ‘Crackberry’ phase, where users were practically never without their BlackBerrys. Many thought that it was just the company that came out ahead,” Borg says. “But having the ability to choose when and where you partake in work-related interactions empowers the employee, too.”
But still, there are costs.
For centuries, there have been mal-intentioned tricksters employing social engineering strategies to break companies’ "infallible" security. You receive a call from someone claiming to be from the IT department asking for your password. A man in a legitimate-looking uniform asks you to hold the door because he’s forgotten his keycard. You’re given a giant, wooden horse as a peace offering. What’s your game plan?
Today, those tricksters have gone mobile, too, creating phony, malicious apps and sneaking malware where you least expect it.
Steer clear of bad apps.
Malware for mobile devices is a growing concern, and not all operating systems are the same. Borg recommends being very selective. “If you download an app about weight loss, and the application requests to access your contacts, ask yourself: Why does it need to do this?” In other words: buyer beware.
He also notes that there are no real dead-giveaways when it comes to spotting bad apps. His advice: “Exercise due diligence, download from known, well-reputed providers and be aware of smaller, unknown developers. And as always, use your best judgment.”
Avoid being the weakest link
IT professionals can make the network as safe as possible, but the strength of security is still dependent on end-users. Your company's security is only as strong as its weakest link—and that link can often be, well, you. Keep informed of your company’s policies regarding personal device use at work and avoid introducing malware with irresponsible downloads.
Then go ahead, BYOD.