Mobile security ultimately relies on a mixture of smart technology choices and well-communicated policies. These are the key rules you need to remember.
SIM card picture from Shutterstock
#1 Doing Nothing Is Not An Option
You can't take an "all care and no responsibility" approach to mobile security. Telling people they are responsible for security on their own devices and not offering any tools to improve or manage that process is irresponsible and unproductive. You don't have to allow absolutely everything, but you do need to develop policies that will allow staff to take advantage of the flexibility that mobile technologies offer
This is an extract from Lifehacker's ebook Making Mobility Real: How To Choose The Right Tech For Your Business. You can download the entire ebook for free here.
#2 Communicate The Policies You Plan To Enforce
Technology underpins mobile security solutions, but the human factor in mobile security should never be neglected. Workers need to understand two crucial elements:
- What the security rules are which pertain to the use of mobile devices
- Why those rules are in place.
It's unreasonable to expect people to follow procedures without explaining why they matter. The communication element of your IT strategy is just as important as its technological underpinnings.
#3 Training Is Essential
You can't expect people to follow the rules if they aren't properly explained. Because mobile technologies often infiltrate the organisation through "skunkworks" means, it's dangerously easy to assume that those same devices will introduce security options willingly and without effort. That won't happen. Document the processes needed to securely connect popular or approved device choices to the network, and make sure hands-on training is available for new hires or less-confident existing workers.
#4 Be Willing To Make Recommendations
While there will always be employees who place themselves firmly in a particular technology camp ("I will never use Windows! I will only use Android!"), not everyone is so passionate about technology. Most people just want the tools to get their work done, and confidence they won't cause problems in doing so. Make sure there's a simple, unambiguous recommendation for what should be used to address those staffers -- the zealots will make their own choices. Serve the many, not the few.
#5 Develop An Overall Security Policy
Mobile security does not exist in isolation from other elements of technology management. It will draw on resources that you use to manage overall information security within your organisation -- and the more effectively you can integrate all those solutions, the more effective (and the less time-consuming) your mobile device security management approach will be. Using disparate systems to manage individual components is only a stopgap solution at best.