Many internal information security and privacy control team members struggle to establish and maintain good security controls within their organization in the area of mobile devices. After much frustration they often return to and focus on a simple question: How can our organization support the use of mobile devices in our day-to-day business activities without compromising security?
We believe an article written by Joel Snyder and posted on the SearchMidmarketSecurity.com website attempts to answer that question and also adds some interesting insight and direction for your company’s information security team members to follow.
While it may not be obvious to everyone that establishing your company’s mobile device security policy is a critical step, Joel Snyder clearly states that “…without policies, you end up with an ‘anything goes’ no boundaries environment that opens you up to liability for loss and encourages staff to solve their own problems in their own way. For example, someone might decide that synchronizing your company address book with the contact list on his or her phone is a good way to solve the problem of remote access to phone numbers — until they lose the unprotected cell phone and your company directory with it.”
Mr. Snyder goes on to indicate that security policies for mobile devices should focus on at least the following four key areas: (a) device selection and provisioning, (b) device deployment and configuration, (c) device use and policies around maintenance and loss, and (d) device recovery and disposal.
Some of the additional links listed in the article are also a good resource for information that might help our readers meet other information systems security, security compliance, ISO 27001 or other security audit requirements.
To read Mr. Snyder’s full article, click here.