Security Think Tank: Challenges and opportunities of smartphone security policy

Employees using their personal smartphones for work present added pressures to keep the network secure.

Employees using their personal smartphones for work present added pressures to keep the network secure, running effectively, properly managed and flexible enough to cater to the needs of those employees who need access to confidential corporate data in the workplace, 

The basic steps to take to manage the growth in usage of employee-owned smartphones in the workplace are:

1. Come up with a smartphone policy that works best for your business.

The kind of devices allowed on the network should be dictated by a smartphone policy that is rigorously policed. The various models and different operating systems are not as great a concern if security measures - such as password protection, data encryption and remote lock - and management capabilities such as a remotely wiping out company data from a device, are in place. 

The same process for creating strong passwords for traditional hardware can be adopted for smartphone use - the more obscure, the better. At the very least, basic security and malware protection should be present on every device; if they are not compliant with the policy, they are not allowed on the network.

Security Think Tank: Challenges and opportunities of smartphone security policy

2. Educate your employees.

Once the policy has been created, management needs to enforce it and ensure all employees are aware of what is covered. Management should emphasise that once employees connect their personal smartphones to the office network, their personal data and ownership could be affected. For example, if a smartphone previously connected to the office network is reported lost, the policy may cover the ability for management to remotely wipe the data on the smartphone, inclusive of the employee’s personal files, such as images and video clips. The same situation may arise when an employee leaves the company. Furthermore, certain applications on the smartphone and certain capabilities, such as camera, GPS and USB connectivity, can be disabled.

3. Improve. Improve. Improve.

The smartphone policy should not be something that is etched in stone or left to collect dust in a backroom, but be regularly amended to maintain standards without compromising security and the business’s capability to manage these devices. The policy needs to be flexible to new and advanced smartphone technologies

Taking a proactive approach to the growing mobile employee trend in business environments is important. Acting now is preferable to trying to address the problem in piecemeal fashion when it's too late and policies are harder to enforce.

Jovi Umawing is a communications and research analyst at GFI Software.

This was first published in January 2012



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...