“But all companies,” he said, “need to learn how to balance the employee convenience with how to protect the inadvertent disclosure of sensitive information.”
Johnson recommends employers require employees upon hiring to sign a mobile device policy, including the agreement to give employers reasonable access. “Not only is there the risk of lost or stolen devices, but a disgruntled employee may leave the company with a device containing company information, and you need to be able to claw it back,” Johnson said.
His advice to employees concerned with their personal privacy of any photos, blogs or other information on their own devices: “Use employee-issued stuff for business.”
Meanwhile, Merrey also strongly recommends company policies, including the stipulation of which devices, applications and systems firms will support. “Support only one smart phone, for example, so you limit the amount of work your IT department — or IT person in the case of small companies — has to do,” he said.
“Eliminate thumb drive access to computers that hold sensitive data,” Merrey said, “and make sure all devices are protected with firewalls, encryption and passwords.”
MORE FROM NEWSOK
Sixty-five percent of businesses worldwide allow employees to use their own mobile devices to access email and other organizational data. Forty-five percent report taking additional security measures, including installing the latest security fixes and patches, conducting security audits and training employees. Only 13 percent have specific policies regarding the use of personal mobile devices.