Get access to the exclusive HR Resources you need to succeed in 2018.
Sign up for free email newsletters and get more SHRM content delivered to your inbox.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 14 cities across the U.S. this fall.
Gain the skills you need to rise to the next level in your career. Jon us at SHRM's Leadership Development Forum, October 2-3 in Boston.
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
Did you know that 40 percent of employees at large companies in the United States use their own mobile devices for work?
That’s according to
a new study of 4,300 U.S. adults polled by information technology research firm Gartner, and it’s a trend that’s unlikely to lose steam—even though experts say mobile apps now pose the greatest potential for security risks.
Yet despite the inherent risks, the bring-your-own-device phenomenon isn’t going anywhere, said panelists participating in a mobile security webinar titled
Transforming the Federal Government: The Mobile Security Movement on Nov. 18, 2014.
According to the Mobile Work Exchange, which sponsored the webinar, many employees fail to take extra precautions to secure their devices, even though those devices may comingle data from work and personal information.
In fact, according to the Mobile Work Exchange:
52 percent of poll respondents reported that they fail to use multifactor authentication or data encryption.
31 percent of respondents said they use public Wi-Fi.
25 percent of respondents admitted that they fail to use passwords.
6 percent of respondents who use a mobile device for work said they have lost or misplaced their phone in the past.
With telework expected to grow within the next five years, according to the Society for Human Resource Management, and more people using their personal devices for work purposes, panelists said it is imperative that organizations address mobile security through education and training for employees, managers and IT professionals alike.
Education is Critical
“The mobile revolution is changing the security landscape,” said Dr. Sam Musa, branch chief of the Office of the CIO for the U.S. Equal Employment Opportunity Commission (EEOC). “It’s shifting the control from IT into users’ hands.
“The IT office does not have 100 percent control over these devices, and the more we rely on users’ help to enforce security measures,” the better, he continued. “Educating users is the highest priority.”
IT professionals should make sure that users can only access what is absolutely necessary for them to do their jobs, without putting certain information at risk of a breach.
“You have to know what data you need,” said Tarrazzia Martin, strategic advisor for Enterprise Planning and Change Management for the Department of Housing and Urban Development. “If we can get our hands around the data to perform our mission, and who needs access to that data … based on their role … we’re ahead of the game 100 percent. It’s more about organizational structure—what kind of data you need to perform your jobs.”
Companies can take certain steps to make sure confidentiality, integrity and security of data are maintained.
“Encryption can be implemented, mobile device management products can be installed to control these devices, remote desk wipe can [be deployed] if a phone is lost or stolen or compromised, and frequent awareness training is a necessary measure to protect the users,” Musa said.
“People tend to be reactive rather than proactive,” added Amy Price, a solutions architect for the computer maker Dell. “Security is something people don’t take seriously until an event … happens. It is absolutely an organizational change issue. We have to get people to realize the value of the information on their device … to protect it, and what they need to do.”
Be Wary of Apps
“Mobile security is at greatest risk on the app level,” said Jose Padin, senior systems engineer in the public sector division of Citrix. “Sixteen percent of employees have used a rogue app [one unapproved by the company] and 22 percent have used a rogue service,” on their personal devices. “At the end of the day, people are trying to get their job done and if we don’t offer them a secure way to do that, they’ll find a way to get it done,” and that way may not always be secure, Padin said.
Price noted, “I know people are trying to do their job in the best way possible and sometimes what is perceived as a security threat is something that they think gets in the way of them doing their job. We need to remember that IT should be an enabler to this.”
Personal responsibility is important, too. Companies need to determine exactly what types of data can live on a device “and what needs to be protected,” Price said, “and train employees on the difference between the two. Once you get alignment on that, you can make the right choices on technology.”
Aliah D. Wright is an online editor/manager for SHRM.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 10,000 companies