For most businesses, smartphones and tablets have already become regular pieces of office furniture, chirping and buzzing beside an employee’s computer. Under a workplace protocol called BYOD, or “Bring Your Own Device,” employees tote their own tech with them into the office, using them to complete their tasks. BYOD is already quite common. The Forrester Research’s Forrsights Workforce Employee Survey found that 70 percent of companies surveyed have some form of BYOD program in action. In those programs, 62 percent of employees use their own cell phones for work tasks, 56 percent use tablets they purchased themselves, and 39 percent bring in their own laptops.
Smartphones and other mobile tech are already important for many employees, so it’s reasonable to expect their importance to grow in the future. That can be a great thing for a small business, but it can also open up some new risks associated with employee-owned mobile devices. Below is a peek at the future of mobile security for small businesses.
BYOD can mean lower costs, more flexibility—and more risks
While it can lower costs, BYOD presents a small business owner with unexpected challenges. When all devices are company-owned, the business owner can insist that all the devices are fitted with antivirus and anti-spyware programs, have secure internet connections, and use firewalls to keep company and customer data safe, and he or she can check that every device is protected. When employees use their own devices, it’s much harder to ensure that every device has the same levels of protection, since employees in a BYOD program can use their own brand-new cell phones, a friend’s tablet, or a computer that isn’t secure.
This, of course, opens your network up to security risks, since no business owner can exercise total control over all the devices an employee could potentially use. A study by Trend Micro found that only 20 percent of the 400 million activated Android devices have security apps installed. That leaves 320 million devices open to malware that criminals can exploit to steal information, including call logs, text messages, passwords, and even the phone’s location. That doesn’t even take into account the ease with which cell phones can be stolen—they’re involved in 30-40 percent of all robberies and theft in the US, according to the FCC.
BYOD opens up a lot of flexibility and funds for small businesses, but it can also expose a business to unanticipated risks.
Businesses will need to manage devices, data, or both
Ultimately, small business owners will have to choose between managing employees’ devices, managing their data, or some combination of the two.
Managing devices can mean forcing employees to adopt privacy and data protection on their own devices, but that can be nearly impossible to implement fully or track. It can involve banning the use of personal devices during the working day, but that’s unrealistic too.
One final option for managing devices is the provision of protected devices. A company called Blackphone has developed encrypted smartphones that companies and individuals can use to access private data securely. RIM’s BlackBerry segregates personal and professional apps and programs on their phones, giving extra security to the work apps. Secusmart even gave Germany’s chancellor Angela Merkel a beefed up version of the BlackBerry Z10 that they claimed the NSA couldn’t crack.
Of course, those options rely on a level of cooperation from employees that might not always be reasonable. Instead, employers can opt to manage their data. After all, they can implement strict security measures that allow employees to access company data from anywhere, while protecting the data itself from criminals or corporate spies.
This is called Mobile Application Management (MAM). With MAM, companies can control the level of encryption and access that employees have at any given time. They can create levels of permission that allow employees to access only the information they need with each device. Certain MAM apps can even create entire virtual phones on employees’ devices, allowing them to access data and store contact information in a secure, encrypted folder on their own device.
Whatever method employers employ, they’ll also need to protect the devices their employees use. This usually involves tracking, shutting down or finding a lost or stolen device. It can include having employees adopt two-step password authentication, or apps like Google Authenticator.
Each major smartphone platform allows users to remotely shut down a missing device. The iCloud allows iPhone users to wipe their phones remotely. Android Lost and BlackBerry Protect do the same for Android and BlackBerry users, respectively. Windows Phone users have to sign in to the Windows Phone website, but they can shut down their phone as well. And in case all technological solutions fail, TechTagger allows device owners to put unique QR codes on their devices so if one is lost, the person who finds it can alert the owners without having access to personal identifying information.
What’s in store for the future
The future of mobile security will require adjustments across all of a small business’s departments. IT professionals need to focus their security efforts on wireless infrastructures, wireless services, and other security processes for mobile devices. Managers need to adopt cloud-based and SaaS apps that work across all mobile platforms. Companies will need to budget more for wireless technology and less for fixed or wired technology.
The benefit of all the investment and budgeting, of course, is that small businesses will be prepared for the future of mobile security.