Support through your toughest HR challenges: A network of 285,000 HR professionals.
Shawn Premer shows how doing the right thing for employees leads to positive business results.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
As more people and companies embrace wearable technologies—or sometimes what’s affectionately being called
the “Internet of Things”—employers are figuring out ways to keep secure the data accessed from these and other mobile devices.
Last year, according to a report from Cisco and the Mobile Work Exchange, more than 526 million mobile devices and connections were brought online worldwide, and global mobile data traffic grew 81 percent.
“Mobile devices are no longer a luxury,” according to Managing Risk in a Mobile World. “They are a necessity, and consumers, organizations and agencies rely on them to stay productive. The term mobility is no longer the future of the workforce; it’s here today.”
And while cybercriminals wait for any opportunity to access sensitive employer data, the federal government hopes to make a pre-emptive strike through policy and awareness, especially as more people telework.
The U.S. Office of Personnel Management
reported in 2013 that more than 47 percent of the entire federal workforce of 2,157,668 is telework-eligible. In addition, “more agencies are putting BYOD—bring your own device—policies in place to accommodate a more distributed workforce. Viewed in its simplest terms, if the number of mobile devices grows and the number of federal remote workers grows, then the threat increases as well,” the report stated.
To mitigate the risk of cyberattacks, the federal government instituted the Continuous Diagnostics and Mitigation (CDM) program in 2012. It is housed within the Department of Homeland Security and provides tools to federal agencies to “combat cyber threats in the civilian ‘.gov’ networks,” according to the U.S. General Services Administration’s website.
“The CDM approach moves away from historical compliance reporting and toward combating threats to the nation’s networks on a real time basis,” the site states. That can only be done with continuous monitoring and refocusing policies surrounding data protection around data and not devices, IT experts said during Mobile Work Exchange’s 15th annual Town Hall, held April 10, 2014, in Washington, D.C.
“What we need to focus on going forward is what we’re trying to protect … data,” said Robert Palmer, acting deputy executive director of the Enterprise Systems Development Office for the Department of Homeland Security.
“The reason we find it so hard to deploy solutions is that we’re taking policies and making [them] compartmentalized,” he said, adding that the policies shouldn’t focus so rigidly on devices. “Let’s put the protection around the data and then your policies around devices, etc., can become a little bit more agile and flexible.”
For example, experts said organizations large and small, public and government, can take lessons from app developers.
“If I go to iTunes or Google play and I want to rent a movie … they have my account and credit card information,” said Kevin Cox, assistant director of Information Security Technologies and chief information officer for the security staff at the Department of Justice. “I download it. It expires. But it’s that idea of identification—who it’s assigned to and the expiration date. The technology is there. We are so much more concerned about the device, [instead of] what … the user is interacting with.”
Panelists also told attendees that while security is paramount, the buck shouldn’t stop at the end user.
“Security is everybody’s job,” Palmer said. “There are some things you can do, but as deployers of that technology, we have to take some steps to put fail-safes in place. Not every user is going to take that initiative, but we have to put some steps in place to make sure there’s a mechanism in place to catch it.”
Aliah D. Wright is an online editor/manager for SHRM. She is the author of the best-selling
A Necessary Evil: Managing Employee Activity on Facebook, LinkedIn … and the Hundreds of Other Social Media Sites (SHRM, 2013).
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
SHRM Annual Conference & Exposition
SHRM’s HR Vendor Directory contains over 3,200 companies