Best Practice for Securing Mobile Handheld Devices
Introduction
The primary purpose of email in an organization is to relay important information to employees, stakeholders, and associates of the institution. Many institutions do classify how and in what capacity their computer systems are to be used. My employer, NC State University, uses the institution’s website as a means of communicating the acceptable use of email and computers while in the workplace. The website is meant to provide easy access to information should anyone feel uncertain about online activity. One can find all of the rules of conduct within the Computer and Network Use Regulations page. While some companies are stricter than others, it is sometimes acceptable to use workplace email accounts as a means of personal communication. However, because the same accounts are being used to transfer critical information such as documents, client information, and business transaction details, employers are exposed to a greater threat (Flynn & Kahn, 2003). Once information is transmitted outside the organization, without security measures in place, it can be easily misused for personal gain at the company’s expense. It can even be unknowingly intercepted by a third party. An effective approach to governing the use of mobile devices should include a well written email policy, a set of monitoring and security tools, and employee training.
Pre-Mobile security Practices
Traditional practices of securing email and data focus on desktop control, server restrictions, and monitoring tools. Desktop control includes decisions on which email client to use. Mozilla Thunderbird may be chosen for its security features like anti-phishing or remote image blocking. On the other hand, Outlook may be chosen because of its seamless email and calendar functionality. Some organizations choose to limit the size of incoming and outgoing email messages or the number of recipients emails can be sent to in a given period of time. This helps reduce the possibility that an account can be used to spam large numbers of addresses. Flynn and Kahn (2003) point out that misuse of company email is so pervasive that 47 percent of large U.S. employers review email messages. These controls are intended to monitor and protect information that originates from the company. However, the introduction of mobile devices have allowed for the evasion of such monitoring. If an institution has authority over company owned devices, then that institution is also the legal custodian of data originating from that device. Employers need to obtain temporary jurisdiction over personally owned devices that are also used for official business. The policies governing email in the workplace are ineffective if they do not encompass all devices that are used for business purposes.
To get an idea of the widespread use of mobile devices in the workplace, Pew Internet and American Life Project have performed a study of networked workers.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
