“Hey boss, I lost my smartphone.”
How well have you prepared for this moment? It will happen sooner or later. If your company has a plan in place, no big deal. If not, you may suddenly get that sinking feeling in your gut …
And well you might. You now have three big worries:
Three Big Worries When an Employee Smartphone Is Lost
Compliance Issues
If your employee had access to information covered by any number of regulations, your company could be subject to stiff penalties. One employer we know of wound up with a $900,000 fine.
Data Security
Sensitive company data in the wrong hands could spell disaster. Access to your network, secure sites, proprietary files, work-related e-mails and corporate secrets may now be out of your control. This situation often overlaps with Shadow IT, where employees use unauthorized apps or devices that make company data even harder to protect.
Employee Privacy and Property Concerns
If a valued employee had family photos and movies on the device, and you remotely delete all data on the phone, you may now have a disgruntled, or even uncooperative, employee. Especially if company policy regarding BYOD (bring your own device) and data loss were not clearly stated and agreed to up-front.
Seven Smart Measures to Prevent Problems
So how do you prevent a relatively minor incident from blowing up into a big problem? Here are seven smart measures you can take right now to prepare for the day an employee smartphone is lost or stolen:
1. Install a Mobile Device Management (MDM) System
Install a mobile device management (MDM) system on any employee device to be used at work. This software can create a virtual wall separating work data from personal. It facilitates any security measures you wish to impose. And to protect employee privacy, it can limit company access to work data only.
2. Determine Which Devices and Data Are Allowed
Determine which devices will be allowed and which types of company data people may access from them.
3. Require an Acceptable Use Policy Agreement
Require that employees agree with an Acceptable Use Policy before they connect to your network. Make sure these include notice as to conditions in which company data may be “wiped” – i.e., destroyed. Also include specific policies regarding device inspection and removal of company records.
4. Put Strong Data Protection Practices in Place
Put strong data protection practices in place. Require use of hard-to-crack passwords and auto-locking after periods of inactivity. Establish protocols for reporting lost or stolen devices. Mandate antivirus and other protective software as well as regular backups.
5. Designate a Data and Access Authorization Officer
Designate someone at your company to authorize access to software and critical data. This person can also be your main point of contact for questions about BYOD policy and practices. It might also work well to distribute a resource page or FAQ document to your employees.
6. Establish a Standard Lost/Stolen Device Protocol
Establish a standard protocol for what to do when a device is lost or stolen. Both Android and iOS phones have features that allow device owners to locate, lock and/or “wipe” all data on their phones. Make sure your policy requires that these features are set up in advance. Then, when a device is lost or stolen, your employee can be instructed to take appropriate action according to your protocol in order to protect company data.
7. Implement a Comprehensive BYOD Policy
And finally, your best protection is to implement a well-crafted BYOD policy in advance. Develop it in partnership with risk management and operations personnel, as well as legal counsel and IT professionals, to come up with an effective and comprehensive plan.
Conclusion
Do not delay on this – it is a serious vulnerability that can and must be addressed in order to assure the safety of your company’s data and systems.
