The use of SMS within businesses is increasing
and firms need to be aware of the security risks, says Sarah
Carter.
After the BBC reported that a text message stalker is
jailed for five months, I wonder how long it will be until we see
organisations being held responsible for the way employees use
their company-owned mobile phones.
Text messaging is no longer just the pastime of teenagers; a
poll carried out by the Mobile Data Association at the SMS 2002
conference in November showed that 60% of business used text
messaging on a daily basis.
Just like any other part of an organisation's communication
system such as telephones, web access or e-mail, mobile phones and
their messaging functionality must be included as part of a
company's overall corporate governance stance.
As such, there are several problems relating to the use of
company-owned mobile phones that organisations need to consider.
These range from general abuse of text messaging causing increased
call charges and the potential for offensive or racist text
messages to be sent, to inadequate security to protect confidential
messages.
Since the introduction of tighter e-mail usage policies within
UK organisations, there has been a noticeable upsurge in SMS usage
among business users.
I believe that in a bid to beat the prying eyes of conventional
internet security content scanners, many employees are now sending
jokes and personal messages to friends and colleagues via mobile
phones.
The danger of casual SMS messaging is that this could lead to
defamatory or libellous remarks, jeopardising the company's
reputation.
As MMS (Mulitmedia Message Service) usage becomes more
widespread and users start to send colour images or even video
clips from their mobile phones, the risks will only become
greater.
Imagine the chaos that could be caused if several people start
using picture messaging at the next office party - I'm already
considering a ban!
It would be easy to assume that if neither the recipient nor the
sender keep the SMS message that any dispute arising from the
message would be irrelevant.
However, many network operators keep text messages for up to 12
months, so it might be possible for those messages to be subpoenaed
as evidence or even requested under the Data Protection Act.
I can't help but wonder that if there are so many different
issues that relate to the use of company-owned mobile devices, why
is it that businesses are only just starting to realise the
importance of protecting themselves?
Up until now, SMS communication has been seen as informal. And
now that this image is changing, will companies start looking for
recompense when things go wrong? Or is it that SMS, has been
adopted mainly by Europeans and not by our litigious cousins in the
US, that we have not seen any real issues in the general media?
Whatever the reason, the moment using SMS within the realms of
good corporate governance becomes difficult, solutions need to be
identified and implemented.
Not just for the problems that exist now, but for the future
threats that SMS and mobile technologies will pose to organisations
such as viruses, which are sure to come as next-generation hardware
with sufficient processing power becomes available.
What do you think?
Has your company taken steps to secure your mobile usage?
Tell us in an e-mail >> ComputerWeekly.com
reserves the right to edit and publish answers on the website.
Please state if your answer is not for publication.
Sarah Carter is co-author of the white
paper, Corporate Governance Issues for Mobile Communications, which
is available through HarrierZeuros.