Security risks created by “Bring Your Own Device” (and by general, unmanaged use of smartphones) in the business environment are a BIG DEAL. This is something I have been talking to businesses about for a while now, and it had felt rather like I was swimming against the tide. Realization, however, is starting to dawn that, while smartphones (and mobile devices in general) can be an incredibly powerful business tool, without appropriate policies and controls (both in terms of directives to employees and management of the actual devices) these can create unforeseen, and in some cases monumental, risks to businesses.
Obviously, not every business is such that the information accessible, stored, or otherwise passing through its employees’ mobile devices creates significant risk for the company. As more and more business is conducted by mobile device, however, the nature and severity of potential risk will continue to increase.
In evaluating where mobile devices fit into a company’s infrastructure (and particularly when determining whether a BYOD policy makes sense for the company) it is vital to evaluate the nature of the company information (e-mail, documents, client lists, etc.) that will or might be utilized on these devices and what the sensitivity and/or secrecy value of that information might be. The company then needs both to clearly define acceptable use policies for its users and to come up with IT policies, procedures, and management tools to address the security implications associated with the devices.
Failure to take these (not always simple) steps can have tremendous negative effects on businesses. If your company is not considering these issues and moving to deal with them appropriately and promptly, then it needs to do so. A company does not need to be on the scale of IBM to run afoul of the perils of mishandled mobile device management. This is a risk management issue that simply cannot be ignored if mobile devices are a part of your business landscape!