Unless you’ve been under a rock, you’ve certainly heard about Pokémon Go, the smartphone-based game that has kids and adults wandering urban and rural areas in attempts to “Catch’em All!” How about social media apps or from the nearby coffee chain, big box retailer or local/national news station? What about the free trivia app or the one that claims to improve sleep?
Do your employees have any of these on their company-issued smartphone or tablet? With the exception of very few, you can be assured your employees have downloaded apps and clicked the “User Licensing Agreement” without blinking an eye. What access to the devices’ data have they given?
What about those who use their personal smartphone/tablet to access company e-mail?
What employees download and do on them should be on every CEO/CIO’s to-do list as the amount of data shared and stored on devices is often never deleted. Besides the remote hacking via Bluetooth, WIFI, or malware, what company information is easily retrievable and sellable if an employee loses or has the device stolen?
Take a moment, right now, and look at folders on your smartphone or tablet where files are stored. Such as: “Download”, “Photos”, and “Documents”. I clear my phone out each week, but am still amazed at the information about Quortum that is on my 4.5-ounce smartphone after only five days of “doing business”.
Do the devices employees use to access company information contain:
- Downloaded email and attachments?
- Their personal Yahoo/Gmail account access?
- Detailed information on the employee and their relationship with the company?
- Full details on company employees and business contacts, to include sensitive identifying information, such as phone numbers, addresses, titles, birthdates?
- Sensitive documents downloaded so they could take a quick look while at a doctor’s appointment or on the road? Proposals? Contracts? Design of a new product or marketing scheme?
According to Litmus’ Email Analytics, who track 1 billion e-mail opens each month, 54% of all e-mails are opened on a mobile device and only 19% are opened on a desktop. This indicates much of the network security you have in place may not protect your organization from intentional or unintentional data losses.
So, think about your organization’s sensitive information and where it can be remotely accessed by malicious actors. We have to be realistic and accept some risk but there are a few simple ways to significantly reduce that risk, such as:
- Have a clearly defined equipment user agreement for all employees, whether they use company or personal devices.
- Educate employees on risks and ways to reduce the chances of losing your company data and their personal information on their devices.
- Notify employees of updates, especially Android and IOS operating software and how to configure their devices to automatically install updates.
Statistics show companies with clear device policies and awareness programs in place are less likely to suffer losses of Intellectual Property, sensitive data, or employee/customer Personal Information. Development of these policies will likely fall on the CIO but they don’t have to be too intricate to reduce the associated risks. However, they should be vetted by your HR and Legal team to ensure compliance and to have it incorporated into future awareness programs.