As I mentioned in a previous post, although there are many organizational benefits to mobile technology, there are also risks. It is nearly impossible to read the newspaper (on paper or online) and not stumble across an article about data security. Organizations continue to grapple with not only an increase in the quantity of cyber attacks, but also an increase in the sophistication, as was pointed out in this recent post on DefenseSystems. When we think about the risks associated with data privacy, directed attacks are only on piece of the pie, there are also data leaks. Data leaks can result from even the best intentioned of employees if they aren’t aware of the risks. Leaders of organizations with mobile people and mobile devices need to put in place plans to protect themselves from these risks.
Now as the office walls come down and telecommuting goes up, we find more of our employees working from here, there and everywhere. Increased flexibility, productivity and cost efficiency are proving why a mobile workforce can be a good thing. No longer tethered to their desktops, employees can better serve clients and balance their personal needs. But when you have an employee working from an airport, a coffee shop or a hotel restaurant, you increase the likelihood that they are not the only ones checking out their work. We assume everyone around us is a stranger, with no interest in our work, but that’s not always true. Calls can be listened to, documents can be read (over shoulders no less over unsecured networks) – and all of this can be done simply because employees are not in the office.
Does this mean we should force all of our employees to work from the office or be constantly looking at those around us with suspicion? No. We need to be aware of the reality, not so we can sink in paranoia, but so that we can prepare. For example, these simple tactics from Ehow such as privacy screens can deter peering eyes.
And mobile people are truly only mobilized because of mobile devices – smaller, more efficient technology that laughs at the days when cell phones were bricks with antennas and computers barely fit in rooms, nevermind cubicles. While organizations may have more control over their issued laptops and phones, personal devices are open season to data hunters. Unsecured connections and applications, along with the relative ease of nabbing someone’s cell phone are good enough reasons that we should be thinking about protecting our data. While technical filters, such as data encryption and password protection are important, leaders need to take it a step further and institute data and device policies.
In addition to those filters, organizations should establish “a use-policy for mobile devices that takes advantage of their built-in security features and adds to those the best practices recommended by data security professionals. Examples include enabling “remote wipe” capabilities, so users can remove all data from lost devices; using strong passwords and changing them regularly; and installing and updating anti-spyware applications” said Gadi Ben Yehuda of the Center for the Business of Government in his recent blog post, Smart Policies for Smart Phones.
“Education is the most powerful weapon”*
As Gadi concluded in his blog post, so will I: Education is the most important thing your organization can do. Educate your employees on the real risks associated with mobile technology. Chances are your employees aren’t aware of the fact that data that can be taken off of their smart phones from applications or how little information is needed to piece together a complete story with Snapshot technology. Let your employees know how they can protect both their personal data and the organization’s, starting with simple changes like password protecting their phones. And don’t forget to mention the point of it all, when data is leaked, the risk isn’t simply to numbers and products, but to real people and their personal information, something we should all be invested in protecting.
*A portion of a quote by Nelson Mandela