Mobile phones can be good for business, but they also present challenges. These include security risks, inappropriate use and questions over data ownership. With a sensible policy you can mitigate the risks and reap the rewards.
Mobile management of staff is a complex area, since it combines business and personal issues. Mobile phones are highly personal devices. Studies have shown that some users would rather lose a partner than their phone! Yet phones are also useful, and sometimes essential, in the workplace.
If you provide work phones for your staff, or allow them to use their personal phones when at work, you need a clear policy on their use. Otherwise, each phone represents a huge risk and a big hole in your IT security strategy. Here are some ideas to get you started.
1. Make security a top priority. Explain the risks to your staff. Tell them what could happen if their phones are lost or compromised. Loss of company data, hacking, perhaps legal repercussions – all of these are possible. Ensure that all phones are PIN-protected at all times. Phones must not be jailbroken or rooted (hacked to run unauthorised apps). Explain that phones are powerful, portable computers that connect your central IT system to the outside world. They must be kept secure.
2. Use mobile management software. There are tools available that will let you see – and control – what users install on their phones. This is important because some apps contain malware that could compromise your entire network. Other mobile management tools allow you to locate stolen or missing phones. Remote wiping is also an option to prevent data being compromised.
3. Protect your investment. Phone cases are cheap but effective. Yes, a shiny new iPhone might be pretty to look at, but it’s not so pretty with a cracked screen! Phones are far more likely to be damaged without a case or cover to protect them. Think about insurance too: if a phone is lost or broken, who’s responsible? Who pays? This must all be decided in advance to avoid confusion.
4. Enforce phone etiquette. It’s not just about politeness, but data security too. Employees should leave meetings if they have to take a call or respond to texts. There should be restrictions on backing up personal data to work computers (30GB of iTunes content is an unnecessary network burden). Sometimes common sense is also a legal requirement – no employee should be using a phone while driving, for example.
5. Retain access to your firm’s data. If an employee leaves your company under a cloud, what happens to the data on their phone? Can you retrieve it? What if they were using their phone for company work? Who owns the data then? You need plans for these unfortunate possibilities.
Delia Gill of Wellington-based IT Engine advises companies to set out clear rules from the start. “Have a mobile phone policy, and make sure it covers all the bases,” she says. “Every employee should read it and sign that they accept its terms. Mobile phones are useful business tools, but only if they’re properly managed.”
If you don’t have a mobile phone policy, ask your IT provider for help in creating one. The sooner you act, the better.