Business Owners

---

Business owners should note the findings of a recent report on smartphone security which showed the absence of adequate security policies and provided follow up recommendations. 

A recent International Data Corporation survey of the Irish IT market has found that IT security is one of the most important areas for IT investment. With more and more employees working out of the office and with an increase in the use of mobile devices and smartphones for business purposes, unauthorised access to an organisation’s confidential data is becoming more of a threat.

An experiment conducted in North America by the global computer security software corporation Symantec involving  50 intentionally “lost” smartphones which contained a collection of simulated corporate and personal data placed on them came up with the following findings:

• 96% of lost smartphones were accessed by the finders of the devices
• 89% of the devices were accessed for personal related apps and information
• 83% of the devices were accessed for corporate related apps and information
• 70% of the devices were accessed for both business and personal related apps and information
• Only 50% of smartphone finders  contacted the owner and provided contact information

In light of such findings, organisations should work closely with their IT providers in reducing the risk of unauthorised access to sensitive data. The following recommendations should be considered:

• Develop and enforce strong security policies for employees using mobile devices for work purposes
• Focus on protecting information as opposed to focusing solely  on devices, securing information so it is safe no matter where it ends up
• Educate employees about the risks associated with mobile devices, such as the impact of a lost or stolen device
• Take inventory of the mobile devices connecting to company networks; as an organisation can’t protect and manage what they don’t know about
• Have a formal process in place so everyone knows what to do if a device is lost or stolen. The Data Protection Commissioner has approved a personal data security breach Code of Practice to help organisations to react appropriately when they become aware of breaches of security involving customer or employee personal information. This Code of Practice can be found on The Office of the Data Protection Commissioner website at www.dataprotection.ie/docs/Breach_Notification_Guidance/901.htm

It is important for your business to implement strong security policies and educate employees as to the importance of vigilance in protecting their smartphones and devices.

Michael McHugh is  Audit Senior in OSK.

Share this Post