An Aside: “Smart” Company Policies
January 24, 2010
Increasingly, our society devotes a lot of time and energy to the use of smartphones. Whether it is a BlackBerry or an iPhone, it is the craze, and many now feel that they need to access their emails from the palm of their hands. And the corporate world is no different. Executives spend as much time focusing on the best ways to read emails, send and receive instant messages, and access the Web as the rest of us.
However, executives (and the corporations they work for) who use company intranets, also need to worry about the possibility of unintentional data distribution — meaning they should concern themselves with the fact that confidential information may be disseminated unintentionally or unexpectedly to the public. For example, if an employee-owned smartphone was reported lost or stolen, what would a company do to make any relevant data on the device unreadable? Maintaining mobile communication security is an important issue that companies need to address, now.
In his article, John Sawyer recommends that the key to solving the problem of mobile communication security is to provide “support” for such devices. Why does that mean? Whenever a company releases a new device, or software, it is bound to encounter inquiries from employees if some malfunction occurs. Typically, IT receives the calls for any technical issue and works to fix the problems. Sometimes outside service providers supply this support. Sawyer suggests that corporations handle the support in-house because it is simply too difficult to try and manage a wealth of devices from different service providers and have them fit under a single security system. Providing employees with a uniform service will help ease a company’s problems. Still, it is important to note that there are some options for managing multiple outside service providers, including Zenprise and BoxTone.
Other security suggestions include having employees use a single computing platform or encrypt company-issued devices. This will help when creating policies specifically for the correct use of these smartphones.
More...
Tagged as: Computer Forensics Protocols, Privacy.
View more articles implicating: Owners/Executives
Subscribe to this post's comments through its RSS 2.0 feed.
Winnie: Employers are often wise to have policies on record retention for smartphone text messages. Development of a workable policy may be easier said than done. The messages may be needed in e-discovery. http://legal-beagle.typepad.com/wrights_legal_beagle/2009/09/deleted-memory.html -Ben
[Reply to this comment]
Winnie Reply:
January 26th, 2010 at 2:16 AM
@Benjamin Wright, Interesting article - thanks for sharing.
[Reply to this comment]
[...] here to read the rest: » An Aside: “Smart” Company Policies e-Lessons Learned tags: also-need, another-obama, antiseptic-aesthetic, charlie-foxtrot, corporations, [...]
Employers also have the option of using remote wipes which allow admins to remotely wipe the memory of lost or stolen portable devices.
[Reply to this comment]
The smartphone problem is interesting. Unfortunately, one could easily see employers getting into trouble by failing to be proactive before problems occur (particularly smaller employers). It seems like the best solution is to find a method that works before an issue arises, but support also might be more of an issue for smaller employers.
[Reply to this comment]
I found it interesting that you mentioned an employee-owned smartphone that presumably has company information on it (email attachments, etc). While companies may be able to implement policies on all company-distributed devices, I wonder what type of privacy implications would be raised if such policies were applied to employee-owned devices. If a company is not providing an employee with a smartphone, the best solution would seem to be for employees to not access any company information from their personal handheld devices.
[Reply to this comment]
Laura J. Tyson Reply:
February 9th, 2010 at 8:14 AM
You wrote: “While companies may be able to implement policies on all company-distributed devices . . . .” I’m not sure merely implementing a policy regarding employer-provided devices is enough —-shouldn’t the company also be required to reinforce the policy? Or is the safer assumption that you have “zero privacy” with respect to employer-provided electronic communication devices? I guess we’ll all just have to wait for the Supreme Court to rule on Quan v. Arch Wireless.
[Reply to this comment]