Tech industry veteran Kevin Mackin explores how to stay safe in a world of risk.
Creative professionals typically bring in their own tablets and phones to help them be more productive, both at work and remotely.
For example, they might access corporate files from home, review a colleague’s reports on the train, or sign off documents on the go.
But despite productivity gains, allowing the use of personal mobile devices can put your organisation’s information and IT processes at risk.
Bring Your Own Danger
Security concerns are the main issue when personal, non-secure consumer devices operate in a business environment.
One of the biggest risks is someone losing or misplacing their device, for example in a restaurant after lunch with a client. Imagine losing a tablet that has a new advertising brief, an important presentation, or the latest SEO strategy. What would happen if a competitor, a client, or the press got their hands on it?
Furthermore, it’s not just the information stored on the device that can be accessed, but also potentially everything on the corporate network, courtesy of apps on the device.
You don’t want to be tomorrow’s headline, and be forever known as the agency that lost all of its client data. Your reputation would be trashed overnight.
So how can you protect information downloaded or shared on highly portable devices?
Malware infected apps
People also bring the apps installed on their devices into the workplace. These consumer grade apps and services could easily be malware infected. Whether it’s the latest photo app or a mobile file sharing app, the security typically isn’t up to scratch for a business environment. Consumer apps are just not designed for the rigours of professional use.
Also, unknown to the user, many free mobile applications collect information from the device, such as a contact list. Many services also ask for permission to access device resources. Most people are sloppy and don’t read what they’re agreeing to when they install apps, so it’s likely that workers have installed apps that are susceptible to control by third parties who can access your organisation’s valuable data.
Cloud-based storage services
Many of these services, such as popular file sharing apps, are cloud based. This means information is often stored in the cloud, outside your control.
The advertising and marketing industries are prolific users of cloud file services, and this will only increase.
But when consumer grade cloud solutions are used, your business is put at risk. You don’t have full control of how your information and data are being shared, managed or stored.
It’s important that cloud based file sharing services are designed specifically for businesses. This means you, not some third party, have control over your information. You can set authorisation levels to grant different levels of access to specific files, determine how people access them, and importantly, who is allowed to receive them. You can also track individual files, for example after sharing with a colleague or a client.
Scrutinise cloud services regularly
When you hear about a recommended app or read about a new online service, look at how it will not only support workplace efficiency but also meet your obligations as a business partner and supplier. In Australia, the Australian Privacy Principles apply and provide specific protections for personally identifiable information. It is the responsibility of all businesses in Australia to meet and maintain their compliance with these guidelines.
Create a successful BYOD policy
- Sounds too easy, but insist all employees and managers use a PIN code to lock their devices.
- All workers must register every personal device they bring into the workplace, as well as all apps and services on that device.
- Both devices and apps must conform to minimum security requirements. Approval needs to be given for each new app and service.
- Do the research yourself, or seek external expert IT advice, to find quality apps and services, and then train employees in how to apply security and privacy settings.
- Don’t make exceptions for senior managers, as they typically have access to more sensitive information.
- Workers need to understand and agree that their device will be remotely wiped if it gets lost or stolen, so any personal data, such as family photos or personal contact lists, will also be deleted along with corporate data stored on the device.