With the proliferation of smartphones, tablets and other communication technologies, IT departments are increasingly facing the daunting task of keeping critical data safe and protecting its internal computer systems. In this article, we will go over some general thoughts to keep in mind when dealing with data safety among a mobile workforce.
Having a mobile workforce has many advantages. It can give you more flexibility in doing business, can offer incentives to employees, can utilize resources more efficiently and increases customer satisfaction as well as potentially shortening the sales cycle.
But it is important to remain cognizant of the potential for data loss and theft as a result of an increasingly changing and mobile workforce. Here are a few ideas to keep in mind when considering an overall data theft prevention strategy for your organization.
Evaluate Potential Sources of Data Loss
The first step is to find out the sources of any potential data leakage in your organization. While some are obvious, like computers, it is important to get specific in order to develop equally specific and tailor-made preventive solutions. Here are a few potential risks:
- Smartphones like the iPhone are becoming more ubiquitous and represent an important risk of data loss
- Tablets and laptops are by design, mobile, and therefore can be difficult to monitor at all times
- Online services including email, data storage, CRM and other essential business tools can also leak critical data to wandering eyes
- Storage devices like USB sticks, hard drives and dvd’s should also be part of any inclusive data prevention plan
These are not the only sources of data loss that exist but are some of the most important ones.
Manage Instead of Punish
Having a mobile workforce means that employees are more dependent on key technologies. But it also means that employees are more likely to use these technologies for personal use while on the road.
Instead of having a no-use policy with regards to employee use of business assets for personal reasons, try to create specific policies for managing employee behavior.
If an employee is on the road for 8 hours a day, it can be unrealistic to expect them not to use their computers, smartphones and tablets for personal reasons at least once time.
Protect Your Smartphones
Make sure your employee smartphones are password protected at all times. This does not mean your phone can’t be hacked if lost, but does provide extra security in the event that it is stolen.
The IT department should also have the ability to monitor smartphone activity, as much as feasible, as well as the ability to perform a clean wipe remotely in order to delete sensitive information as quickly as possible. Many smartphones now support remote deletions or remote management in one shape or the other.
CRM Services and Security
If your employees use CRM services like Salesforce.com or others, then this needs to be considered as part of an overall security strategy. Consider limiting the access to reports to only these employees that require it.
If the CRM service supports it, assign different user profiles with varying degrees of access in order to limit the potential of data loss. This way, you can selectively allow access to reporting, API integration, exporting or any other action you deem potentially risky.
Cloud Storage Services
Remote file storage services like Dropbox are very popular but can add additional risk for losing your important data. A recent Guardian article details some of the risks involved with this particular service, but risks can be equally applied to other services as well.
If you are a user of cloud storage devices, then make sure you examine which data is stored and shared and in which way.
Data Loss and Physical Devices
USB memory sticks and portable hard drives also need to be accounted for. A detailed record needs to be diligently kept of the number of devices that are in possession by employees as well a summary of their content. Consider numbering the physical devices and performing period checks to ensure optimal security.
Common Sense Approach
Sometimes, having a common sense approach can do wonders for data security. It’s important to speak with employees not only to inform them of the importance of data security but to also gauge their level of active interest and/or knowledge of the various issues affecting security.
Finally, it goes without saying that any data security program will need to be deliberate and continuously revisited for optimal effectiveness. Any successful plan needs to see the employees become active participants in order to maximize the applicability of security policies across the organization.
Having a mobile workforce is a strength for any organization and allows it to become more agile and respond to internal and external factors more quickly. Having a well thought out and thorough plan for securing critical data is a necessity in order to avoid major breaches of information. Hopefully, these tips will help you get started in the right direction.