Securing Your Company Mobile Devices: Don't Become the Next Panama Papers - Part 1 of 2
Daniel Garrie
Founder @ Law and Forensics | Cybersecurity, E-Discovery, Digital Forensics, Privacy, Compliance
Personal smartphones dominate the corporate workplace. BYOD, or “Bring Your Own Device,” has become ubiquitous in offices worldwide. One device for work and one for personal use is typical in today’s arena; it is more than just the social media marketing managers and savvy employees or lawyers who want continuous access. As employees look for more room to adjust hours and scheduling, BYOD allows them to easily bring work home, and home to work.
Companies save money by lowering infrastructure costs and have the comfort of knowing that their employees have all their emails, files, and calendars in one place (or stored in the cloud and accessed from multiple devices), accessible at any time, increasing productivity and efficiency. The downside is that the individuals responsible for securing the workplace environment are gritting their teeth. Why? According to the Ponemon Institute, about 68% of respondents reported that their mobile devices had been targeted by malware of some variety during 2013. In a survey published in the 2013 Summer/Fall issue of the Journal of Law & Cyber Warfare (www.jlcw.org), more than 50% of the 300 senior executives at large and small companies stated they did not have a formal policy in place or the capability to manage employee-owned mobile devices.
Below is a discussion of the impact that not having policies and procedures in place to address BYOD issues can have on companies and law firms, big and small.
THREAT #1: A Malicious Virus Attacks a Company's Systems by Way of an Employee’s Mobile Phone
On average, most employees, whatever their field, are not particularly malware-savvy, which means they are not up on the details of evaluating the security of the apps that they download. Typically, these individuals do not have malware scanning technology on their mobile devices. Many companies today invest substantial resources in providing employees with robust anti-virus and malware scanning tools for their computers and information systems, but leave the employees' mobile devices exposed and vulnerable to thousands of potential adversaries.
How, then, to protect against these potentially disastrous malware-laden smartphone apps? Most companies purchase anti-virus and anti-malware software for their computers. It seems logical, then, to extend that policy to mobile devices as well. Why not invest in protecting your employees' devices? By extension, protecting employee devices provides insurance for the security of a company. People bring their devices to work whether or not there is a stated policy in place, and whether or not they are able to actually do work on those devices. One solution is to mandate that every mobile device used by employees have malware detection software installed. Of course, the solution is likely to require that a lawyer skilled in these issues review the policies, the underlying software agreements, and the privacy agreements involved with implementing this solution. It is critical that the lawyer advising any company has a firm grasp of the complex legal issues and the technologies to ensure a successful rollout.
Recommendation: Purchase Mobile Malware Detection Software and Require Employees to have this Software Installed and Operational on their Mobile Devices
In the next installment, I will provide further examples and recommendations.
*republished from Thomson Reuters