Mobile IT requires staff to take greater responsibility, says Mark Beattie
If the internet has transformed the way we work in the past decade, mobile technology will be the major force for change in the next 10 years.
But while both the internet and wireless devices improve productivity and help us to work wherever we choose, they also share a common risk - security.
In the PC market, viruses and Trojans have been the bane of businesses and many have gone beyond being mere irritations. Some companies have been brought to a halt by software criminals, but a concerted and effective fight-back by software suppliers and enterprises themselves has begun to address the challenge.
However, the popularity of smartphones and the take-up of 3G services poses an altogether different security threat. Thanks to the throw-away culture of mobile phones and the sheer numbers of them in use, companies are far more at risk through the loss of wireless devices than through PC hacking or internet viruses. In 2005, some 700,000 mobile phones were mislaid in the UK, although anecdotal evidence suggests that many are deliberately lost in the hope of getting an upgrade.
Increasingly, those phones are powerful communications devices offering access to e-mails, corporate information and customer data. And no longer is it merely the iconic Blackberry that offers instant or "push" e-mail. Microsoft technology, coupled with e-mail roll-out services such as Orange Office Freedom, means that hundreds of thousands of existing devices will have an automatic "live" e-mail inbox too.
Unlike work PCs or laptops, these far more portable items are often used for both personal and business reasons. As "always on" devices it is understandable that many users do not always remember to lock them with passwords. Research from Orange reveals that 40% of UK businesses do not secure handheld devices to the level that they secure laptops. But 70% say that data falling into the wrong hands is their biggest concern.
So how do we protect our businesses from this new threat? The first step is to establish clear responsibilities. Today, there is evidence that responsibility for security is being placed firmly in the hands of the user. But it is essential that attitudes change and security is shared between the company and the employee.
Seventy per cent of UK managers say that employees do not know how to secure phones - or do not care. And many say it is not the responsibility of either the board or the IT department to manage it. One in three businesses have no mobile security policy, and of those that do, 60% fail to enforce it.
Consistent communication is critical to enforcement of a mobile security policy. There are some simple strategies that organisations should consider.
Today's technology allows even the smallest business to deactivate phones when lost, or to configure devices remotely to ensure the correct level of access. Wherever possible, devices must therefore be managed dynamically, rather than forgotten once assigned to a member of staff.
Before rolling out smartphones to employees, companies should train them in how to secure them.
Mobile security is not merely about the loss of devices, but about the threat to the integrity of a company and of customer information. At stake is the reputation of a business, and possibly even its survival. This being the case, security is not simply a matter for IT managers. It must have the support of the board and should be integrated with HR policies.
Ownership and responsibility go together, and central to changing attitudes to security is a sense of ownership. If devices are used for personal reasons, encourage staff to treat them as they would their credit card. If they prefer to use their own devices for work, accommodate their wishes where possible. Where you are issuing smartphones to staff, consider offering a range from which they can chose, again instilling a sense of ownership and care that might otherwise be lacking.
Mobile technology has the power to change the way we work by changing where we work. But with this freedom comes new risks and responsibilities. It is incumbent on business leaders to share those responsibilities between themselves and their staff.
Mark Beattie is IT director at London Waste
Have your say
If you have an opinion on this or any of the other articles in Computer Weekly, we want to hear from you. E-mail your thoughts to:
This was first published in April 2006